Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study Finds 1 in 10 Used Hard Drives Contains Old Personal Data

Posted by samzenpus on from the sharing-secrets dept.

Lucas123 writes "A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. "Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered," Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PC, laptop and cell phones to others. One in ten of those people who disposed of their old devices, left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data."

11 of 111 comments (clear)

  1. Whoopdie-doo by timeOday · · Score: 5, Insightful

    Who is going to bother with a time-consuming forensic-analysis style attack with a 10% chance of success when you can break into some company and get thousands of credit card numbers and/or SSNs? Sheesh, if you want credit card numbers, just get a job at any restaurant as a waiter.

    1. Re:Whoopdie-doo by YodasEvilTwin · · Score: 4, Insightful

      This figure actually seems extremely low. 90% of people know how to properly wipe their drives? Yeah right. And there's essential 0 risk in stealing data off a drive you legitimately own or find in the garbage -- not so for screwing around at work.

    2. Re:Whoopdie-doo by Anonymous Coward · · Score: 3

      He also always does this (when he goes to a restaurant). And yet he also always never has it leave his sight. Hint: he doesn't leave his parent's basement; this is slashdot.

    3. Re:Whoopdie-doo by greg1104 · · Score: 4, Funny

      I tried running an in-home computer cleanup firm under the name of the Red Shirt Guys, but every time one of the consultants went on-site they died.

    4. Re:Whoopdie-doo by hairyfeet · · Score: 4, Insightful

      Or just keep an eye out by the dumpsters. You'd be amazed how many time companies would just sit computers out without even bothering to wipe squat. I've gotten to be friends with the handyman for my apt building and since he works also at some of the city buildings as well as a few businesses and he picks up any machines they are tossing because he knows i refurb PCs for poor folks and it just blows my mind how many times I've found CC numbers, tax forms, you name it on these machines.

      Hell he called me once to bring out my truck because one of the local telecos were tossing their old towers when they upgraded. i got nearly 40 towers with nothing but the windows password between me and ALL their data. Of course being an honest man I simply nuked the drives and did clean installs but if I'd have been a bad guy the amount of data I'd have would have been insane. So think about that when you are giving your data to some company, you never know if they just sit their old machines on a curb somewhere.

      But I have yet to see anyone recover data from a 3 pass DoD (sure a single zero out will do it, but I've found more companies will hand me machines if I tell them i'll DoD the machine) so please don't go for that insane "hey we'll shoot the drive!" kinda crap as there are a LOT of poor folks hurting in this economy and those old PCs can really help folks. So please just wipe and freecycle, its better for the environment and better for the poor folks around you.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:Whoopdie-doo by hairyfeet · · Score: 3, Interesting

      Well I can only answer that with an anecdote, but from a friend that worked for awhile at a GS to get some extra cash the answer to that question would depend on this one...is there any porn on the drives? MP3? Movies? how about pics of your GF? because he said that roughly half the guys he worked with had USB HDDs that had batch files that looked for anything they might want to snatch, which would explain why you always here of the CP guys getting busted by GS, they trip over the files looking for stuff to snatch.

      While I haven't done this personally, in fact i pride myself on not knowing a damned thing about what is on a customer's PC as i don't snoop I just do my job, I can say i have seen this behavior at other shops in the past I even had a creepy coworker that used to brag about how large his MP3 and porn video collection was because he snatched any chance he got. Just one more reason to ask around and find out the rep of the shop you are going to AND to use encryption, hell even something as simple as a password protected zip or rar file would block most of these guys because they are looking for easy targets.

      Personally after seeing that the transfer went fine I ask what the customer wants done with the drive and if they don't want it it gets boot and nuked and stuff in the spare drawer and since I keep an old machine in the corner just for that job it isn't a hardship. Many of the newer minitowers can't hold but a single drive at a time so I often end up with a pile of 80Gb-300Gb drives that i then use on refurbed machines for the poor, but it really creeps me out to think there are guys snooping around people's computers just looking for stuff to snatch, its too much like going through someone's underwear drawer...yuck.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Anecdote by PPH · · Score: 4, Interesting

    A few years back, I happened to visit my dentist's office just after he had all of his workstations upgraded. By the medical/dental s/w maintenance vendor's technician. While the tech was standing there, I asked my dentist what he was going to do with all his old PC's. Donate them to a local school, he said. I asked if there was any patient data on them. He told me that the vendor's tech had reformatted the hard drives, so that wouldn't be a problem. I asked him (within earshot of that tech) if he had ever heard of the 'unformat' command. I then suggested that he have the vendor investigate DBAN before letting these machines off the property.

    I don't know who is responsible for the loss of patent data under HIPAA regulations. But I'd hope that vendors specializing in medical IT support would.

    --
    Have gnu, will travel.
  3. Only 1 in 10? by hahn · · Score: 3, Insightful

    I would venture to guess that most people don't realize that deleting a file doesn't completely wipe it. The bigger question is, how many people who buy or receive those second hand-drives are looking to recover the data, and what % of them would do something with it that would NOT be okay with the original owner. I'd like to think not that many. But then again, I wouldn't be surprised if there were scammers who look to buy cheap used drives to see if they can dig up some useful info on it. Seems to me that would be higher yield than trying to phish for it with spam, and easier than trying hack websites.

    --
    "The only normal people are the ones you don't know very well."
  4. It's not all bad by Lord_of_the_nerf · · Score: 5, Funny

    I uncovered porn and tons of what's now 'abandonware'. Thanks, 16-year old boy from 1996 (I assume)!

  5. Re:Stop saving hard drives. They aren't valuable. by Gordonjcp · · Score: 3, Informative

    Taking a hammer to them is too much effort. A single pass of "dd if=/dev/zero of=/dev/sd" will utterly destroy all the data beyond any hope of recovery.

  6. Only? by Internetuser1248 · · Score: 4, Interesting

    Every 2nd hand hard disk I have ever acquired has had personal data on it. None of the previous owners had even attempted to delete the data all the filesystem pointers were intact. On the other hand none of them ever had any useful data on them, unless I wanted to embarrass the previous owner by sending their porn collection to their wife/parents.