Infosec: One In 10 Second-Hand Hard Drives Keep Personal Data

ICO research confirms the fact that valuable data is still on many hard drives even after they are supposedly wiped

A tenth of second-hand hard drives keep hold of personal data from previous users, leaving old owners in potential danger, research commissioned by the Information Commissioner’s Office (ICO) has shown.

After sourcing 200 hard drives, 20 memory sticks and 10 mobile phones from online sources and trade fairs, the ICO found 11 percent still contained personal data. Almost half contained some kind of information, whilst another 52 percent were unreadable or had been effectively wiped.

A total of 34,000 files containing personal or business data were recovered from the devices, whilst at least two thirds of the hard drives contained enough information to allow for identities to be stolen. Documents included bank statements, passports and even medical details.

In four cases, data on employees and clients of four different organisations were discovered, including health and financial information. Those organisations have been contacted and  taken action to ensure better security practices, the ICO said.

‘Soft touch’

“It is important people do everything they can to stop their details from falling into the wrong hands. Today’s findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their own storage devices,” said information commissioner Christopher Graham (pictured).

“Many people will presume that pressing the delete button on a computer file means that it is gone forever. However, this information can be easily recovered.”

The ICO research is similar to projects that have been carried out before. A study from the Cyber Security Research Institute (CSRI) last year found data on The Sun newspaper staff and Ministry of Defence (MoD) workers on hard drives of discarded PCs. At the time, CSRI chairman Peter Warren said there was a “huge volume and value of data that is literally being thrown away by UK businesses and individuals each year”.

Users may be better off completely destroying their hard drive, if wiping techniques are flawed.

Think you know security? Try our quiz!