11% of second hand hard drives contain personal information, study reveals


Old hard drivesBritain’s Information Commissioner’s Office (ICO) has discovered that more than one in every ten second hand hard drives contains recoverable personal information of the original owner.

The ICO commissioned the NCC Group to conduct the investigation, who acquired 200 hard drives, 20 USB sticks and 10 cellphones from internet auction sites and at trade fairs.

The devices were then scoured for personal data with alarming results.

In the case of the hard disks, 11 percent contained personal information. According to the ICO report, 37 percent contained non-personal information, and only 38 percent of devices had been wiped. A further 14 percent of the drives were too damaged to be readable.

34,000 of the files examined contained personal or corporate information – including scanned bank statements, passports, birth certificates, employee information, full bank details, family photos, and tax and medical information.

Naked Security has talked before about the danger of sensitive information falling into the wrong hands because of unsafe disposal of hard drives.

We have even seen the details of a million bank customers sold on eBay on a hard drive costing £35.

Such incidents aren’t always the fault of the company who owned the hard drives, it can be that they’ve trusted a third party organisation to handle the secure disposal of assets. But it’s always us, the unfortunate member of the public, who is most exposed by the sloppy practice.

Although more and more companies do take a higher level of care when getting rid of old computer equipment, there’s clearly still more work to be done.

And don’t forget, on a personal level, when throwing out your creaky old Windows computer or Mac laptop to ensure that you have securely wiped it first to prevent your personal data falling into the wrong hands.

(Although there have been concerns raised recently that secure wiping may be less than effective when dealing with some modern SSD solid state disk drives).

Maybe, once again, it’s time for users and companies to consider the benefits of fully encrypting their hard drives as well as getting in the habit of securely wiping drives as they are junked?

Pile of hard drives image, from ShutterStock