Two-thirds of used disc drives on Craigslist and eBay contain sensitive data

Corporate information and personally identifiable data left on unwiped drives

Two in three used hard drives sold on Craigslist and eBay could contain sensitive corporate information or data that identify the former owner, according to a new study.

From a haul of 200 randomly bought hard drives listed on Craigslist and eBay, Blancco Technology Group found that around 67 per cent of the used drives contained personally identifiable information and 11 per cent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories.

Advertisement - Article continues below

The company said its findings show how "easy, common and dangerous" it was when businesses buy back and/or resell used electronics without properly wiping all data from them. It said that firms failing to wipe drive drives clean before they are resold, repurposed or recycled can cause irreparable damage to customer loyalty, brand reputation and sales, both near-term and long-term.

On 36 per cent of the used HDDs and SSDs containing residual data, users previously attempted to wipe the drives clean by dragging files to the Recycle Bin or using the delete button. A quick format was performed on nearly half (40 per cent) of the used drives with residual data found on them.

Out of the 200 used drives, only 10 per cent had a secure data erasure method performed on them, according to the research.

Advertisement
Advertisement - Article continues below

"With the Ashley Madison hack, in particular, users who wanted to make sure all of their data was erased from the dating site put all of their trust into the site's $20 'Full Delete' program," said Paul Henry, IT security consultant at Blancco Technology Group.

Advertisement - Article continues below

"Even though the obvious identifiers had been removed, enough information was left to expose the site's users. The big lesson for Ashley Madison and any other type of business should be to test that your deletion methods are adequate and to not blindly trust that simply 'deleting' data will truly get rid of all of it for good. Remaining data can still be accessed and recovered unless the data is securely and permanently erased," he added.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020
Visit/business-strategy/it-infrastructure/356258/the-growing-case-for-it-flexibility
Sponsored

The growing case for IT flexibility

30 Jun 2020