Blancco, a provider of data erasure equipment and software, participated in a study looking for residual data on storage drives purchased on eBay. The effort found 15 percent of those devices still contained personally identifiable information, even after undergoing at least some form of data wiping.
According to a report recapping the study results, Blancco IT staff in the U.S., Germany, Finland and the U.K. bought 159 used drives – a mix of HDDs and SDDs – on eBay in September and October 2018. They were purchased randomly, except that none had been wiped using Blancco software.
The drives were analyzed by project partner Ontrack, a data recovery and destruction business. Ontrack staff in France, Germany, Poland and the U.K. used the company’s data recovery tools to look for residual information. Staff also noted which data wiping methods had been previously used – in most cases, the drives had been formatted.
Out of the 159 drives analyzed, some type of data was found on 66 of them. Of those, 25, or over 15 percent, contained personally identifiable information such as photos, birth certificates, names, email addresses and more.
According to a press release, one notable example was a drive from a software developer with a high-level government security clearance. It contained scanned images of family passports and birth certificates, curriculum vitae and financial records.
In other cases, drives contained 5 gigabytes of archived office email from a major travel company, 3 gigabytes of data from a cargo/freight company, 32,000 photos and other information from a music store, and photos and grades from students.
In March, Blancco released results of a survey of consumers asking them about their mobile device data security concerns. Among other findings, it noted that more than one-quarter of respondents were so concerned that their data would end up in the wrong hands that they wouldn’t trade-in their phones.
The residual data study was just one of a handful conducted recently. Two weeks ago, E-Scrap News wrote about one conducted by cyber security firm Rapid7 that found lots of personal information, including social security and credit card numbers, on used devices purchased in Wisconsin. The article also covered a study by Stellar Data Recovery, which found that 71 percent of used devices purchased in India has personally identifiable information on them.
Photo credit: AlexGrec/Shutterstock
More stories about data security
- Blancco’s software flags possible data security loophole
- ITAD firms can help avoid compliance risks
- Discover, PCs for People work within data security policy