ICO sounds alarm over second-hand hard drives
Data protection watchdog claims more than 10 per cent of sold-on hard drives contain previous owner's data.
More than one in ten second-hand hard drives contains recoverable data belonging to the original owner, claims research from the Information Commissioner's Office.
The data protection watchdog asked computer forensics firm, NCC Group, to acquire 200 hard drives, 20 memory sticks and 10 mobile phones from online auctions and trade fairs.
The haul of devices was then trawled through using freely available forensics tools. It was then discovered that 11 per cent of the hard drives contained personal data from the previous owner.
At least two thirds of the drives contained enough information - including bank statements, passports and medical records - for criminals to steal the owner's identity.
Christopher Graham, the Information Commissioner, said: "We live in a world where personal and company information is a highly valuable commodity. It is important that people do everything they can to stop their details from falling into the wrong hands.
"Today's findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices."
Graham Cluley, senior technology consultant at security vendor Sophos, said the deletion of data on old devices is not always the responsibility of the previous owner.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"It can be that they've trusted a third party organisation to handle the secure disposal of assets," he said. "But it's always us, the unfortunate member of the public, who is most exposed by the sloppy practice."
He said, although many companies go to great lengths to dispose of old computer equipment responsibly, there's clearly still more work to be done.
"Once again, it's time for users and companies to consider the benefits of fully encrypting their hard drives as well as getting in the habit of securely wiping drives as they are junked," Cluley added.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.