Old Hard Drives Are a Goldmine for Data Thieves

Contributed by Sussex SEO, 19 October, 2018

Identity and data theft are common problems, and you could be at risk of giving personal details to a criminal if you don't dispose of your old hard drive - and its contents - correctly. Many companies are now taking extra steps to ensure they don't fall victim to, or play into the hands of data thieves, but other companies are yet to grasp the severity of the matter.

Technological advancements are happening constantly. We are always moving from one "state-of-the-art" system to the next. The idea of upgrading from one super-computer to the next is always tempting - and most of us will jump at the chance. However, we often leave behind a trail of hardware filled with personal information, and criminals are very aware of this.

Companies upgrading systems with sensitive data are at risk when they change to better computers and servers. The method of disposing of the originals is important now more than ever and shouldn't be taken lightly.

Getting rid of the data from your hard drive by clicking the Delete button or by formatting it doesn't wipe the data completely and securely. There are extra measures that you should take before wiping your hard drive and putting your computer up for sale on auction sites.

What kind of risks can old hard drives pose?

Various studies have found that thrown-away or sold hard drives can easily result in cases of identity theft. Experts have confirmed that the best way to avoid these cases is to completely destroy hard drives before disposing of them.

Identity thieves can retrieve personal information from hard drives with the help of freely available specialist software that they can then use for their own malicious purposes. When retrieved, the hacker can use the identity of the user to create false credit card accounts, order items online, or even forward an application for a copy of the user's birth certificate. According to the findings of an investigation carried out by the Information Commissioner's Office, 11% of 200 second-hard drives that were purchased and analysed contained sensitive personal details, while about half still housed some form of important information on them.

In total, the computer forensics firm that handled the investigation under the employ of the ICO recovered 34,000 files containing corporate or personal information. Information such as scanned financial documents, sensitive employee details from certain organisations, as well as medical details and passport information, among other thing were found in the trove of data.

Another study, this time conducted by Which?, found that data thieves can find a lot of sensitive and "valuable" data to mine from discarded hard drives that were not properly wiped. Which? acquired eight second-hand hard drives from eBay and were able to retrieve 22,000 "deleted" files from them, these included spreadsheets, music files, and images. Which? states that the average UK citizen is worth approximately £85,000 to a hacker.

Is it easy to recover deleted data?

Yes, it's quite easy to recover deleted data, and the process does not require special or complex computing skills. The data recovered by Which?, as well as other bodies that conducted studies and research, was retrieved using software applications easily found on the internet. So, even if you delete data through regular methods, your data can still be harvested.

Experts from Easy Data Recovery say "that completely wiping files from a hard drive isn't as easy as just clicking 'Delete' or using the format function. These processes simply take the files off the list directory without erasing the data from the drive. These can then be easily pieced back together by free-to-use software."

Data Recovery from Old Hardware Costing Companies Millions

Companies are not always totally to blame for leaking sensitive data, as criminals may already be a step ahead. In fact, many data thieves are constantly on the lookout for corporate data that will be filled with customer details. While cyberattacks are currently very much in the news, hardware disposal can still be a blind spot, as some firms are not entirely invested in the idea of adopting extra measures to dispose of hardware. Nevertheless, many companies have lost tremendous amounts of money due to how they disposed of their data.

In 2006, for example, an Idaho Power Company learnt this the hard way when sensitive data from the company somehow found its way to e-Bay after a disposal job went wrong. The company was involved in a hard drive recycling programme at the time but failed to properly clear the drives before handing them over to the salvage vendor. The vendor went on to dump these drives without performing a secure wipe either, which led to hundreds of drives making it to e-Bay, intact, along with the proprietary memos and confidential employee information they contained.

While some data thieves rummage through landfills and hardware dumpsites for valuable hard drives, others straight up present themselves as e-waste firms on sites like Craigslist. This can put cooperate businesses at serious risk if their information falls into the hands of these fake "e-waste companies", whom they may trust with disposing their stuff without carrying out a secure wipe.

"Companies in the UK can face serious legal issues and heavy fines if their failure to properly dispose of data from hard drives results in identity theft of any kind. This is due to their infringement of the UK Data Protection Act. Companies in the EU also face the same issues under the General Data Protection Regulation." Explains security management specialist from ISMS.online.

The best way to destroy an old hard drive

If you want to escape the nightmare of having your personal details sold on eBay, then you should always transition to your new computer without leaving any data behind on your old hard drive. But, how can this be done without leaving a trail for hackers? Experts have advised many ways to go about this. They include:

Tags: intellectual property |



Articles Archive