Wednesday, 26th June 2019
Logo

42% of used drives sold on eBay are holding sensitive data

15% contained personally identifiable information (PII), putting individuals at risk of becoming victims of cybercrime.

Blancco Technology Group has published the findings of a new report, which looks at residual data on used storage drives purchased on eBay, the world's largest online marketplace. Conducted in conjunction with partner, Ontrack, the study analyzed 159 drives purchased in the U.S., U.K., Germany and Finland. Sensitive data was discovered to be present on 42% of devices, with 15% containing personally identifiable information (PII). This included:

•A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records

•University student papers and associated email addresses

•5GB of archived internal office email from a major travel company

•3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations

•University student papers and associated email addresses

•Company information from a music store, including 32,000 photos

•School data, including photos and documents with pupils’ names and grades

For every 20 drives, at least three had PII. Furthermore, each seller Blancco interacted with as part of the process stated that the proper data sanitization methods had been performed so that no data was left behind. This highlights a major concern that while sellers clearly recognize the importance of removing data, they are in fact, using methods which are inadequate.

“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," said Fredrik Forslund, VP, cloud and data erasure, Blancco. "By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members. It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed. It's critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s truly gone. Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime."

As part of the research, a range of used hard drives from leading brands, including Samsung, Dell, Seagate, HP, Hitachi were purchased at random. The only requirement was that the drives had not been wiped using Blancco products. They were analyzed in early 2019 by partner Ontrack using proprietary data recovery tools. Once the recovery exercises were complete, the drives were then sanitized by Blancco to ensure permanent removal of the data.

According to a new CyberArk survey, as organisations increasingly move critical applications, regula...
New threat intelligence from F5 Labs shows that Europe suffers more attacks from within its borders...
As C-level executives engage more frequently in incident response and threat hunting, more IT profes...
While attack vectors remain largely the same year over year, attack volume will increase and cybercr...
First-of-its-kind compliance process automation solution combines automated data collection and vali...
TrustArc has published new findings from an online study conducted by Ipsos MORI, a global research...
More than half of organisations enforce encryption of data on all mobile devices and removable media...