Used disks sold online hold extractable company data

Be extra careful when selling used storage, as the data from these components can be extracted quite easily, putting both the consumer and the company at risk.

Those are the conclusions published in a report by the Blancco Technology Group, entitled The Leftovers: A Data Recovery Study.

The company bought 200 used hard disk drives and solid-state drives from eBay and Craigslists, and tried to extract data from the purchased devices. In 78 per cent of cases it did, finding both corporate data and personally identifiable information. Among the corporate data found are company emails (9 per cent), spreadsheets containing sensitive company information such as sales projections and product inventories (five per cent), and CRM records (one per cent).

Looking at personally identifiable information, photos were found in almost half of the cases (43 per cent), followed by photos with GPS data (24 per cent), financial data (21 per cent), social security numbers (23 per cent) and resumes (10 per cent).

Users should be worried if these types of personal information are retrieved, says the company’s digital forensics expert, Paul Henry.

“Two of the more incriminating types of personal information we recovered are financial data and resumes - these types of files contain all of the information needed for a hacker to go in, steal the information and then perpetrate identity theft and fraud. And in a world where money rules, this could have devastating effects for individuals because it could not only rob them of their hard-earned money, but it could also hurt their chances to get approved for financing, mortgage loans and so much more. Not to mention, if the identity thief becomes involved in criminal activities, it could destroy their personal reputation.”

Image source: Shutterstock/Artem Samokhvalov