Two-thirds of used disc drives on Craigslist and eBay contain sensitive data

Corporate information and personally identifiable data left on unwiped drives

Two in three used hard drives sold on Craigslist and eBay could contain sensitive corporate information or data that identify the former owner, according to a new study.

From a haul of 200 randomly bought hard drives listed on Craigslist and eBay, Blancco Technology Group found that around 67 per cent of the used drives contained personally identifiable information and 11 per cent held sensitive corporate data, including company emails, CRM records and spreadsheets containing sales projections and product inventories.

Advertisement - Article continues below

The company said its findings show how "easy, common and dangerous" it was when businesses buy back and/or resell used electronics without properly wiping all data from them. It said that firms failing to wipe drive drives clean before they are resold, repurposed or recycled can cause irreparable damage to customer loyalty, brand reputation and sales, both near-term and long-term.

On 36 per cent of the used HDDs and SSDs containing residual data, users previously attempted to wipe the drives clean by dragging files to the Recycle Bin or using the delete button. A quick format was performed on nearly half (40 per cent) of the used drives with residual data found on them.

Out of the 200 used drives, only 10 per cent had a secure data erasure method performed on them, according to the research.

Advertisement
Advertisement - Article continues below

"With the Ashley Madison hack, in particular, users who wanted to make sure all of their data was erased from the dating site put all of their trust into the site's $20 'Full Delete' program," said Paul Henry, IT security consultant at Blancco Technology Group.

Advertisement - Article continues below

"Even though the obvious identifiers had been removed, enough information was left to expose the site's users. The big lesson for Ashley Madison and any other type of business should be to test that your deletion methods are adequate and to not blindly trust that simply 'deleting' data will truly get rid of all of it for good. Remaining data can still be accessed and recovered unless the data is securely and permanently erased," he added.

Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/business-strategy/flexible-working/355186/why-were-lucky-covid-19-has-come-now
flexible working

Why we’re lucky COVID-19 has come now

3 Apr 2020