A recent study conducted by Ontrack and the Blancco Technology Group found that 42% of hard drives bought on eBay still contain sensitive data and 15% hold personal information, like passport photos, birth certificates, financial records and more. These even include drives where the sellers thought they had successfully cleared the device of all data.
As part of the study, used drives were purchased from eBay and then scanned to see what residual data remained. One drive purchased was from a government software developer, containing passports, birth certificates, and financial data. Other drives contained information like university papers, school student names and grades, internal office emails, freight company shipping data and much more.
The drives purchased were purchased at random and covered some of the big brands like Samsung, Seagate, HP and Dell. Blancco Technology Group offer their own drive wiping software, hence funding the research, and the only requirement was that the drives hadn’t been wiped using this.
Ontrack then took the drives and used their data recovery tools to see what they could bring back. This is because when you delete data from a drive, it isn’t actually removed. Instead, the space the data occupied is now marked as free, ready to be overwritten by some new data. But if it isn’t overwritten then that original data set can still be resurrected.
When the recovery process was complete, the Blancco software was then used to wipe the drives, which the researchers claim is a fool-proof and effective method to remove data on a drive. Other data destruction programs are available, though.
Every seller that the researchers interacted with said that they had performed data sanitisation methods and thought that there would be no data left on the drive and that it couldn’t be recovered.
It shows that while most sellers are aware that they need to remove data from their drives before selling them on, especially when it’s sensitive information, they’re not using the correct – or perhaps good enough – techniques to do so.
It probably goes without saying, but selling a drive that still holds residual personal information is a huge risk. It exposes that individual to cybercrime, along with any other individual or business that had information held on the drive.
If you have a drive that you want to sell or give to someone else, you need to make sure that you’re deploying the correct data destruction software to do the job. In fact, it’s wise to run data recovery software yourself afterwards, just to see if anything can be found.
To be totally secure, a drive should be destroyed once its primary purpose has concluded. Physical destruction is a sure way to ensure data isn’t recoverable. However, even that needs to be undertaken with the proper techniques. Industrial grade shredding is suitable, whereas some DIY home deconstruction is not. Even if you think you have adequately destroyed a drive, it could still be possible to piece it back together and have it functioning.
Nearly Half of Drives Sold on eBay Contain Sensitive Data
No comments yet. Sign in to add the first!