Old Hard Disks Found a Security Problem

Old Hard Disks Found a Security Problem

by / May 11, 2004
BERLIN -- April 27, 2004 -- Under the title "Data, Data Everywhere," O&O Software has published a study on the protection of data on used hard disks.

The study set out to determine whether users securely deleted data before selling or giving away their old hard disks. The company randomly purchased 100 used hard disks and other data carriers off eBay to determine whether these had been effectively and securely wiped of information before sale, or whether information could be restored. Hard drives examined included those sold individually or in a PC, as well as those simply returned to commercial leasing companies.

The analysis showed that only 10 percent of the hard disks had been properly and completely wiped with the help of security software. All the rest contained private data -- everything from scanned signatures and ID cards to legal powers of attorney, account access information and PIN or access code lists.

Whereas the failure to delete data in the private sphere can be simply put down to carelessness, the number of files O&O Software found on former company hard disks falls into what the report described as seriously negligent, particularly when data protection laws are taken into account.

Some hard disks that had obviously been used in companies turned up sensitive company data such as reports on turnover and market share, strategy papers and business correspondence -- some of this marked "highly confidential." Additionally no fewer than two hard disks from a major health insurance company found their way to O&O in the course of this study.

The full study can be found at the Web site.
Blake Harris Contributing Editor