Story image

Almost half of storage devices for sale contain personal info, study finds

30 Apr 2019

If you’re thinking of selling a device with any type of storage (for example your smartphone, tablet, PC, laptop, used hard drive, USB stick, or any other storage device), you may want to triple check that you’ve wiped all of your personal information off it before you send it away.

But it seems that many people around the globe don’t even take that step, according to new research from Blancco Technology Group and Ontrack.  The two companies purchased 159 used storage devices from the United States, the United Kingdom, Germany, and Finland. 

They found that 42% of those devices contained sensitive data, and 15% contained personally identifiable information, like email addresses, photos, passport scans, emails, university papers, and much more.

But although many sellers thought they had wiped their devices (a process called data sanitisation), Blancco says that their methods are clearly inadequate.

“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," says Blancco VP of cloud and data erasure, Fredrik Forslund.

“By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members.”

“It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed. It's critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s truly gone. Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime."

Personally identifiable information found on the devices included:

  • A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records
  • University student papers and associated email addresses
  •  5GB of archived internal office email from a major travel company
  • 3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations
  • University student papers and associated email addresses
  • Company information from a music store, including 32,000 photos
  • School data, including photos and documents with pupils’ names and grades.

As part part of the study, Blancco and Ontrack purchased at random a range of used hard drives from leading brands, including Samsung, Dell, Seagate, HP, and Hitachi. The only requirement was that the drives had not been wiped using Blancco products. Ontrack used proprietary data recovery tools to analyse the devices. Blancco then sanitised the devices to ensure permanent data removal. 

Forescout strengthens investment in OT security
Forescout’s latest features will provide enterprises with improved productivity, lower risk profiles and faster mitigation of threats.
Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.