• 47% of second hand data storage devices found to contain sensitive information

        • Kroll Ontrack recently carried out a global security study that indicated we are putting our personal information at risk far too easily. The data recovery company analysed used drives to see if any traces of data remained after the previous owners sold them. Among the drives Kroll Ontrack examined, traces of data were found on nearly half. Many of these innocent oversights allowed the new owners critical access into the previous owners’ identity.

          Despite user efforts to erase data, it can often be recovered if not done properly. This makes selling personal digital devices a matter of identity protection. Kroll Ontrack’s study involved an international scope, with countries taking part including, the US, Germany, France, Italy, the Asia-Pacific region, Poland and the UK.

          For the campaign, Kroll Ontrack purchased 64 drives from various sources over eBay (private sellers/consumers) and analysed whether the used drives had been successfully wiped clean or still contained any traces of data. The study found that traces of data remained on 30 drives (47 per cent), while the remaining 34 drives had been successfully cleaned (53 per cent).

          However, the likelihood of finding access to personal information was not the most concerning finding, but rather how sensitive that information often was. For the careless or uninformed user, selling personal data devices is little more than selling your identity.

          The case of one drive epitomised the danger of identifying data traces. The drive had belonged to a company that used a service provider to erase and resell old drives. Despite that, the drive still contained a wealth of highly sensitive information, including user names, home addresses, phone numbers and credit card details. It contained an employee list of around 100 names that included information about work experience, job titles, phone numbers, language abilities, vacation dates and a 1MB offline address book.

          18 of the 64 drives examined were found to contain critical or highly critical personal information. Nearly a third (21 drives) contained personal photos, private documents, emails, videos, wedding photos, audio or music. User account information was discovered on eight drives, including log-in data such as first name and last name, contact details, email address, online account names and passwords.

          Transactional data was also recovered from nearly every seventh drive (9 drives). This included company names, salary statements, credit card numbers, bank account info, investment details and tax returns.

          One drive still contained a record of browser history, while explicit data was located on another.

          The personal realm was not the only one affected, as work-related information also finds its way very often onto private devices. As such, business data extracted from the drives was also not in short supply.

          Six drives were found to contain critical business data such as CAD files, PDFs, JPGs, keys and passwords. Kroll Ontrack even found full online store set ups, configuration files and POS training videos in their scour of these six drives. A further five contained other work-related data: invoices and purchase orders, much of it including sensitive personal information.

          The study differentiated between HDD and SSD drives, noting the growing trend toward flash devices (SSD). Though SSD drives were by no means immune to identity risk, they tended to facilitate more successful data wipes.

          Of the 64 drives purchased in total, 37 were HDD and 27 were SSD drives. Over half of the HDD drives contained traces of data while only a third of the SSD drives did.

          The method previous owners used to erase the data on their drives before selling them demonstrated an all-too-common lackadaisical approach. Though erasure methodology could not be determined for every drive, at least eight had no attempt whatsoever directed at deleting its data. The general trend was evident: people are putting their identity and privacy far too easily at risk.

          The best method to delete data is low-level formatting, which involves pattern filling drives at the lowest level. This method effectively resets drives back to the factory settings. Multiple overwrites provide additional security, especially when data erasure needs to meet specific legal overwrite standards. 

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • 91 per cent of consumers can recognise a brand from colour alone

          91 per cent of consumers can recognise a brand from colour alone

          Friday 15th Dec 2017 by clareb
          Colour has the ability to communicate a feeling immediately. Whether that feeling is passion for red, serenity for green, or festivity when combining the two; it is not difficult to see why it is so important to choose the right colours when it comes...Read More...
          Inadequate delivery options threaten retailer Christmas sales

          Inadequate delivery options threaten retailer Christmas sales

          Wednesday 13th Dec 2017 by clareb
          The UK’s top retailers may be jeopardising 30 per cent of their Christmas sales due to limited delivery options, according to a new study. The research, carried out by ecommerce and digital agency Visualsoft, found that 17 per c...Read More...
          Unibail-Rodamco to buy Westfield

          Unibail-Rodamco to buy Westfield

          Tuesday 12th Dec 2017 by clareb
          An agreement has been set out by European commercial property company, Unibail-Rodamco, to add 35 shopping centres to its portfolio, gaining from Westfield’s extensive number of locations, including Westfield Stratford City and Westfield London...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue