Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.
Investigations carried out on behalf of BT by the University of Glamorgan in the UK, Edith Cowan University in
Australia, and Longwood University in the US, found that thirty-seven percent of drives surveyed had traces of personal data on them.
Damningly, this figure is much the same as it was for the same surveys undertaken by the universities in each of the last two years, suggesting that either companies are ignoring the issue or simply lack the tools to adequately wipe data before resale.
Sensitive information retrieved included salary details, financial data of specific companies, credit card numbers, medical data, visa applications, details of online purchases, and inevitably, online pornography. The sample totalled 350 hard drives acquired in online auctions.
“Given the level of exposure that the subjects of security and identity theft has received in recent times, and the availability of suitable tools to ensure the safe disposal of information, it is difficult to understand why disks are still not being effectively cleaned before they are disposed off,” said BT’s security research head, Dr Andy Jones.
“When organisations dispose off surplus and obsolete computers and hard disks, they must ensure that adequate procedures are in place to destroy any data and also to check that the procedures that are in place are effective - whether they are handled by internal resources or through a third party contractor,” he said.
The full report – which has yet to be made publically available - reveals that buying second-hand disks is an unreliable way to get hold of storage. Of the 133 disks bought in the UK, 44 percent of them didn’t even work. But of those that did, 19 percent had enough information on them to identify the organisation from which they had come, sixty-five percent had enough data to identify named people, and 17 percent contained “illicit” data.