59 percent of secondhand hard disks sold on marketplaces like eBay are not properly wiped and still contain data from their previous owners, according to a new study by the University of Hertfordshire and commissioned by Comparitech.


We purchased 200 used hard drives from online marketplaces, secondhand shops, and conventional auctions: 100 in the USA and 100 in the UK. University researchers then performed forensic analysis to determine whether any attempt had been made at deleting the contents of the drive and whether those attempts were successful.


We uncovered a wide range of sensitive and private information left by previous owners. The remnant data included, among other things, employment and payroll records, family and holiday photos, business documents, visa applications, resumes and job applications, lists of passwords, passport and driver’s license scans, tax documents, bank statements, and lists of students attending senior high schools.

Data removal efforts on secondhand hard drives

The information stored on the drives could be used by criminals for any number of purposes ranging from blackmail to identity theft.


Here’s a breakdown of the 200 hard drives analyzed:


26% were properly wiped and no remnant data could be recovered

26% had been formatted, but data could still be recovered with minimal effort

17% contained deleted data that could easily be recovered

16% of the hard disks appeared to have no attempt made to remove the data

16% were not accessible and could not be read


As we’ve found in previous studies, the problem is not that disks aren’t being wiped before resale, but that they aren’t being wiped properly. More on that below.


What data was recovered from the hard drives?

Photos and documents made up the bulk of the data recovered. Some notable examples include:

  • Employer payment records
  • Photos of soldiers in the Middle East
  • Plans and documentation for Army barracks
  • Visa applications for trips to China and India
  • A debt collection notice
  • Passport scans
  • Driver’s license scans
  • Expense returns
  • Bank statements and utility bills
  • A copy of a speeding citation for the US
  • Intimate photos
  • A spreadsheet with the names and personal details of 113 people
  • Completed tax documents (P60, W-9)
  • Employment applications and CVs

One notable trove that researchers unearthed included several documents from a senior high school including an annual performance report for the school, a list of student names, a letter from a special education supervisor with full contact details, daily bulletins naming staff, a faculty meeting agenda, a track team roster, and pictures of houses and possibly students.

All of that data was deleted—but not permanently wiped—from memory.

A mistake that researchers say is all too common.

Remnant data is a growing problem

Comparing the results from the hard drives purchased in 2018 to a similar study in 2007, researchers observed a rising trend in recoverable remnant data left on secondhand hard drives. Here’s a breakdown comparing the two studies, roughly a decade apart:

In 2018, far more disks sold on the secondhand market contained recoverable data from previous owners than in 2007. That being said, a much larger portion of the 2007 hard drives were unreadable altogether.

Why data remains on secondhand hard drives

Ignorance or apathy?

The majority of the hard disks examined in this study were purchased singly save for a small number of occasions when they were purchased in small lots as the seller had more than one card for sale at the same time. That tells us the problem is fairly widespread, and not from a single source.

Researchers say end users are still not well-informed enough on the risks of failing to permanently remove data from a hard drive before selling or discarding it.

How to securely wipe a hard drive

The issue is not that secondhand sellers don’t attempt to wipe hard drives, it’s that they fail to do so properly, the report explains.

It’s an easy mistake to make if you’re not aware that:

  • “Deleting” a file does not obliterate the ones and zeros that make up a file on a hard disk. It merely removes the reference point to where a computer can find the file. When you highlight a file and hit the Delete key, for example, the file will actually remain there until it is overwritten.
  • “Quick formats” can also be inadequate, despite what some other sources may tell you.
  • Retired cards need to be fully erased and reformatted. A full format is the best way to permanently wipe data from a hard drive.

Researchers say this study will be repeated in the future.

“The problems arising from the disposal of hard disks are only likely to increase as the size of the media continues to increase, and the potential grows for greater volumes of personal and sensitive data to be exposed.”

Read this guide if you want more details about how to securely wipe any hard drive, whether it’s Mac or Windows, iOS or Android, HDD or SSD.

How to securely erase your hard drive, SSD, or mobile phone

 

Source: Comparitech.com (Posted September 24th, 2019)

Study: 3 in 5 secondhand hard drives still contain previous owner’s data

Welcome!


If you are reading this guide, you are about to embark on a process that will help your organization harness the potential of technology to deliver your mission and best serve your community. Proactively planning for technology is about more than replacing old computers (although that might be part of your plan!). This process will help your organization fundamentally shift the way you approach technology investments toward greater mission achievement and community impact. It will identify opportunities for technology to help you control costs, reduce risk, raise funds, and empower staff.


Strategic technology planning – much like any strategic planning process – is a comprehensive look at the current state and the desired future state for your organization. If you just need some new computers, this may not be the right process. But if you are ready to treat technology as a mission-critical investment that can accelerate your organization’s impact, you are in the right place! Your nonprofit has much to gain from appropriately integrating technology into your operations, communications, fundraising, and service delivery. This guide offers step-by-step support to help you lead your organization through technology planning, resulting in a roadmap to smart technology use.



Acknowledgements


This guide has been produced through the generous support of the Rasmuson Foundation, a private foundation that works as a catalyst to promote a better life for Alaskans. Learn more at www.rasmuson.org. It was written and edited by Lindsay Bealko of Toolkit Consulting, who helps mission-minded organizations design creative communications, engaging education, and powerful programs. Learn more at www.toolkitconsulting.com.


Special thanks to Orion Matthews and Jeremiah Dunham of DesignPT for their substantial contributions to and reviews of this guide to make it as useful as possible to nonprofit organizations who are ready to harness the strategic potential of technology. Learn more and request help with your strategic technology plan at www.designpt.com.


Please help us improve our website by providing your feedback