sb-eu logo
Story image

Almost half of storage devices for sale contain personal info, study finds

30 Apr 2019

If you’re thinking of selling a device with any type of storage (for example your smartphone, tablet, PC, laptop, used hard drive, USB stick, or any other storage device), you may want to triple check that you’ve wiped all of your personal information off it before you send it away.

But it seems that many people around the globe don’t even take that step, according to new research from Blancco Technology Group and Ontrack.  The two companies purchased 159 used storage devices from the United States, the United Kingdom, Germany, and Finland. 

They found that 42% of those devices contained sensitive data, and 15% contained personally identifiable information, like email addresses, photos, passport scans, emails, university papers, and much more.

But although many sellers thought they had wiped their devices (a process called data sanitisation), Blancco says that their methods are clearly inadequate.

“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," says Blancco VP of cloud and data erasure, Fredrik Forslund.

“By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members.”

“It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed. It's critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s truly gone. Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime."

Personally identifiable information found on the devices included:

  • A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records
  • University student papers and associated email addresses
  •  5GB of archived internal office email from a major travel company
  • 3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations
  • University student papers and associated email addresses
  • Company information from a music store, including 32,000 photos
  • School data, including photos and documents with pupils’ names and grades.

As part part of the study, Blancco and Ontrack purchased at random a range of used hard drives from leading brands, including Samsung, Dell, Seagate, HP, and Hitachi. The only requirement was that the drives had not been wiped using Blancco products. Ontrack used proprietary data recovery tools to analyse the devices. Blancco then sanitised the devices to ensure permanent data removal. 

Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More