Two-thirds of used disc drives on Craigslist and eBay contain sensitive data

Corporate information and personally identifiable data left on unwiped drives

Two in three used hard drives sold on Craigslist and eBay could contain sensitive corporate information or data that identify the former owner, according to a new study.

From a haul of 200 randomly bought hard drives listed on Craigslist and eBay, Blancco Technology Group found that around 67 per cent of the used drives contained personally identifiable information and 11 per cent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories.

The company said its findings show how "easy, common and dangerous" it was when businesses buy back and/or resell used electronics without properly wiping all data from them. It said that firms failing to wipe drive drives clean before they are resold, repurposed or recycled can cause irreparable damage to customer loyalty, brand reputation and sales, both near-term and long-term.

On 36 per cent of the used HDDs and SSDs containing residual data, users previously attempted to wipe the drives clean by dragging files to the Recycle Bin or using the delete button. A quick format was performed on nearly half (40 per cent) of the used drives with residual data found on them.

Advertisement - Article continues below

Out of the 200 used drives, only 10 per cent had a secure data erasure method performed on them, according to the research.

"With the Ashley Madison hack, in particular, users who wanted to make sure all of their data was erased from the dating site put all of their trust into the site's $20 'Full Delete' program," said Paul Henry, IT security consultant at Blancco Technology Group.

"Even though the obvious identifiers had been removed, enough information was left to expose the site's users. The big lesson for Ashley Madison and any other type of business should be to test that your deletion methods are adequate and to not blindly trust that simply 'deleting' data will truly get rid of all of it for good. Remaining data can still be accessed and recovered unless the data is securely and permanently erased," he added.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019