As many as 90% of previously-owned storage media devices such as USB sticks and hard drives contain some form of private and business data from its former owners, a new study by Kaspersky has found.
This data ould include anything from banking documents and company emails to private messages and pornographic content, according to the cyber security firm.
Kaspersky’s Global Research & Analysis Team (GReAT) made the discovery while analysing the contents of 185 second-hand storage devices, out of which only 11% were found to be entirely clean. The team discovered that as many as one in five devices contained data that could be found and extracted immediately, while almost three-quarters (74%) held data that could still be recovered through file carving.
According to GReAT Europe head Marco Preuß, “the potential damage if personal data falls into the wrong hands is enormous”.
“Identity theft, access to accounts, blackmail or even social ruin of the original owners would be possible. In addition, data could be used to carry out attacks on the previous owner of the device as well as close family, friends or peers,” he said.
The ownership of second-hand devices is becoming a more prevalent practice due to sustainability efforts. Kaspersky found that out of 2,000 UK consumers, 649 had bought a used computer, 802 a mobile device, and 321 had purchased used storage media.
RELATED RESOURCE
Ransomware resiliency: The risks associated with an attack and the reward of recovery planning
An overview of the history of ransomware, its potential impact, and best practices to protect IT systems
However, the well-intentioned practice has potential to turn into a security nightmare. Among the 649 second-hand computers, 13% contained contact details for the previous owner, one in ten held business-related data, and another 10% discovered official documentation such as passports and driving licenses. Similar percentages were found across mobile devices, USB sticks, and hard drives.
The researchers also found documents containing passwords and login details of former owners – which could easily be used to hack into an organisation.
GReAT DACH (Germany, Austria, and Switzerland) head Christian Funk warned that “the criticality of sensitive, personal data seldom loses its effectiveness over time, even if the collection itself is far in the past”.
“Only a complete overwriting of the actual information on a data carrier can remedy this,” he added.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
The business value of Zscaler Data ProtectionWhitepaper Understand how this tool minimizes the risks related to data loss and other security events
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Three essential requirements for flawless data protectionWhitepaper Want a better CASB and stronger DLP? You have to start with the right foundation
-
The gratitude gapWhitepaper 2023 State of Recognition
-
The top five risks of perimeter firewallsWhitepaper ...and the one way to overcome them all
-
Redefining modern enterprise storage for mission-critical workloadsWhitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
The business value of storage solutions from Dell TechnologiesWhitepaper Streamline your IT infrastructure while meeting the demands of digital transformation
-
Building a data governance strategy in 2023In-depth Data governance will continue to expand as attitudes change and businesses look to optimise the value of their data
