Xperien has warned that 42% of hard drives purchased on eBay still contain sensitive data and 15% hold personal information on them, from financial records to birth certificates, passport numbers and photos.
This is according to a study from Ontrack and the Blancco Technology Group, which looks at residual data on used storage drives purchased on eBay.
Some of the findings of the report included a drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records.
Other information included university student papers and associated email addresses, school data including photos and documents with pupils’ names and grades, 5GB of archived internal office email from a major travel company and 3GB of data from a cargo/freight company with documents detailing shipping details, schedules and truck registrations.
As part of the research, a range of used hard drives from leading brands including Samsung, Dell, Seagate, HP and Hitachi were purchased at random. The only requirement was that the drives had not been wiped using Blancco products.
They were analysed in early 2019 by partner Ontrack, using proprietary data recovery tools. Once the recovery exercises were complete, the drives were then sanitised by Blancco to ensure permanent removal of the data.
Xperien ITAD manager Bridgette Vermaak says the most concerning about these findings is the fact that each seller Blancco interacted with as part of the process stated that the proper data sanitisation methods had been performed so that no data was left behind. “This highlights a major concern that while sellers clearly recognise the importance of removing data, they are in fact, using methods which are inadequate.
“This personally identifiable information puts individuals at risk of becoming victims of cybercrime. Selling old electronics online might sound like a good option, but in reality, one is at serious risk of exposing personal data,” she explains.
Blancco vice-president: cloud and data erasure Fredrik Forslund adds: “By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members. It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed.
“It’s critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s well and truly gone. Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime,” he concludes.