Wednesday, 3rd March 2021

42% of used drives sold on eBay are holding sensitive data

15% contained personally identifiable information (PII), putting individuals at risk of becoming victims of cybercrime.

Blancco Technology Group has published the findings of a new report, which looks at residual data on used storage drives purchased on eBay, the world's largest online marketplace. Conducted in conjunction with partner, Ontrack, the study analyzed 159 drives purchased in the U.S., U.K., Germany and Finland. Sensitive data was discovered to be present on 42% of devices, with 15% containing personally identifiable information (PII). This included:

•A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records

•University student papers and associated email addresses

•5GB of archived internal office email from a major travel company

•3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations

•University student papers and associated email addresses

•Company information from a music store, including 32,000 photos

•School data, including photos and documents with pupils’ names and grades

For every 20 drives, at least three had PII. Furthermore, each seller Blancco interacted with as part of the process stated that the proper data sanitization methods had been performed so that no data was left behind. This highlights a major concern that while sellers clearly recognize the importance of removing data, they are in fact, using methods which are inadequate.

“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," said Fredrik Forslund, VP, cloud and data erasure, Blancco. "By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members. It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed. It's critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s truly gone. Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime."

As part of the research, a range of used hard drives from leading brands, including Samsung, Dell, Seagate, HP, Hitachi were purchased at random. The only requirement was that the drives had not been wiped using Blancco products. They were analyzed in early 2019 by partner Ontrack using proprietary data recovery tools. Once the recovery exercises were complete, the drives were then sanitized by Blancco to ensure permanent removal of the data.

New report shows how hackers and criminals exploited COVID-19 pandemic in 2020 to target all busines...
Tanium survey of IT decision makers finds that enterprises are observing uptick in risky behaviours...
LogMeIn has published results of a global study executed by IDG that reveals the new reality of long...
Imperva Sonar platform enables organizations to manage complex and automated cyberattack risks.
BlackBerry has released the 2021 BlackBerry Threat Report, detailing a sharp rise in cyberthreats f...
The Privacy Compliance Hub is a clear, user-friendly and engaging way to spread privacy compliance a...
CNI organisations demonstrate strong appetite for digital transformation but misplaced confidence co...
Company debuts brand-new eCrime Index showing intensity of cyber-criminal market over time; reveals...