Story image

Almost half of storage devices for sale contain personal info, study finds

30 Apr 2019

If you’re thinking of selling a device with any type of storage (for example your smartphone, tablet, PC, laptop, used hard drive, USB stick, or any other storage device), you may want to triple check that you’ve wiped all of your personal information off it before you send it away.

But it seems that many people around the globe don’t even take that step, according to new research from Blancco Technology Group and Ontrack.  The two companies purchased 159 used storage devices from the United States, the United Kingdom, Germany, and Finland. 

They found that 42% of those devices contained sensitive data, and 15% contained personally identifiable information, like email addresses, photos, passport scans, emails, university papers, and much more.

But although many sellers thought they had wiped their devices (a process called data sanitisation), Blancco says that their methods are clearly inadequate.

“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," says Blancco VP of cloud and data erasure, Fredrik Forslund.

“By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members.”

“It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed. It's critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s truly gone. Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime."

Personally identifiable information found on the devices included:

  • A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records
  • University student papers and associated email addresses
  •  5GB of archived internal office email from a major travel company
  • 3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations
  • University student papers and associated email addresses
  • Company information from a music store, including 32,000 photos
  • School data, including photos and documents with pupils’ names and grades.

As part part of the study, Blancco and Ontrack purchased at random a range of used hard drives from leading brands, including Samsung, Dell, Seagate, HP, and Hitachi. The only requirement was that the drives had not been wiped using Blancco products. Ontrack used proprietary data recovery tools to analyse the devices. Blancco then sanitised the devices to ensure permanent data removal. 

Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.