Two-thirds of used disc drives on Craigslist and eBay contain sensitive data

Corporate information and personally identifiable data left on unwiped drives

Two in three used hard drives sold on Craigslist and eBay could contain sensitive corporate information or data that identify the former owner, according to a new study.

From a haul of 200 randomly bought hard drives listed on Craigslist and eBay, Blancco Technology Group found that around 67 per cent of the used drives contained personally identifiable information and 11 per cent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories.

The company said its findings show how "easy, common and dangerous" it was when businesses buy back and/or resell used electronics without properly wiping all data from them. It said that firms failing to wipe drive drives clean before they are resold, repurposed or recycled can cause irreparable damage to customer loyalty, brand reputation and sales, both near-term and long-term.

On 36 per cent of the used HDDs and SSDs containing residual data, users previously attempted to wipe the drives clean by dragging files to the Recycle Bin or using the delete button. A quick format was performed on nearly half (40 per cent) of the used drives with residual data found on them.

Advertisement - Article continues below
Advertisement - Article continues below

Out of the 200 used drives, only 10 per cent had a secure data erasure method performed on them, according to the research.

"With the Ashley Madison hack, in particular, users who wanted to make sure all of their data was erased from the dating site put all of their trust into the site's $20 'Full Delete' program," said Paul Henry, IT security consultant at Blancco Technology Group.

"Even though the obvious identifiers had been removed, enough information was left to expose the site's users. The big lesson for Ashley Madison and any other type of business should be to test that your deletion methods are adequate and to not blindly trust that simply 'deleting' data will truly get rid of all of it for good. Remaining data can still be accessed and recovered unless the data is securely and permanently erased," he added.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020