By John E. Dunn
21 September 2007
Hard drives full of confidential data are still turning up on the
second-hand market, researchers have reported.
Investigations carried out on behalf of BT by the University of
Glamorgan in the UK, Edith Cowan University in Australia, and Longwood
University in the US, found that thirty-seven percent of drives surveyed
had traces of personal data on them.
Damningly, this figure is much the same as it was for the same surveys
undertaken by the universities in each of the last two years, suggesting
that either companies are ignoring the issue or simply lack the tools to
adequately wipe data before resale.
Sensitive information retrieved included salary details, financial data
of specific companies, credit card numbers, medical data, visa
applications, details of online purchases, and inevitably, online
pornography. The sample totalled 350 hard drives acquired in online
Given the level of exposure that the subjects of security and identity
theft has received in recent times, and the availability of suitable
tools to ensure the safe disposal of information, it is difficult to
understand why disks are still not being effectively cleaned before they
are disposed off, said BTs security research head, Dr Andy Jones.
When organisations dispose off surplus and obsolete computers and hard
disks, they must ensure that adequate procedures are in place to destroy
any data and also to check that the procedures that are in place are
effective - whether they are handled by internal resources or through a
third party contractor, he said.
The full report which has yet to be made publically available - reveals
that buying second-hand disks is an unreliable way to get hold of
storage. Of the 133 disks bought in the UK, 44 percent of them didnt
even work. But of those that did, 19 percent had enough information on
them to identify the organisation from which they had come, sixty-five
percent had enough data to identify named people, and 17 percent
contained illicit data.
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com