Study: 78% of Resold Drives Still Contain Readable Personal or Business Data

itwbennett writes: Blancco Technology Group, which specializes in data erasure, bought 200 secondhand PC storage drives (PDF) from eBay and Craigslist to see if they could recover any of the old data saved inside. Their findings: 78 percent of the drives contained residual data that could be recovered, 67 percent still held personal files, such as photos with location indicators, resumes and financial data, and 11 percent of the drives also contained company data, such as emails, spreadsheets and customer information. Only 10 percent had all the data securely wiped, Blancco said. The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results." As for why so many of the drives contain unwanted information, the report says it has to do with the difference between "deleting" data and "erasing" data. Your files aren't actually deleted when you drag them to the Trash or Recycle Bin, or by using the delete key -- shocking, I know. You can format a drive to erase the data, but you have to be careful of the format commands being used. A quick format, which was used on 40% of the drives in the sample, still leaves some residual data on the drive for someone to possibly access. A full format, which was used on 14% of the drives, will do a better job in removing unwanted files, but it too may still miss some crucial information. The solution Blancco recommends: buy a tool to perform complete data erasure.

Don't have to buy one

[TheReaperD]

You don't have to buy a secure hard drive erasure tool, DBAN does a reliable job for most drives and is free. SSDs are a new kink in the mix that means that some really advanced tools could retrieve data from the drives, even after a complete wipe but, if you're going up against people that dedicated, I recommend a sledgehammer instead.

Re:Why?

[JoshuaZ]

Because it is cheap, and a single reformat will deal with the vast majority of issues. A few bad sectors aren't in general going to make the drive unusable.

Re: Buying not needed

[jabuzz]

Set a password for the drive and issue an ATA secure erase using hdparm. This will get all the remapped sectors as well. Procedure documented here

https://ata.wiki.kernel.org/in...

Re:Simple under linux

[Dr_Barnowl]

You don't need to do it under Windows though - burn a Linux USB and off you go.

Hell, there's a bootable image just for it : Darik's Boot and Nuke

Blancco are just capitalising on ignorance (and risk-aversion in the business community which only tends to regard something you pay for as being a safe bet, despite the usual license agreements which preclude the vendor having any liability anyway).

Re:Why?

[PhunkySchtuff]

Modern drives will silently remap sectors without telling you (unless you look at the SMART status).
Once they exhaust their pool of spare sectors, then they start telling things higher up the chain that there are bad sectors.
By the time a disk is reporting bad sectors to the OS (as a bad sector, instead of incrementing a SMART counter and silently carrying on) it has remapped so many bad sectors that it can no longer automatically remap them and is now telling you there is a problem.

In my experience, every single drive that I've seen reporting even a single bad sector will soon go pear-shaped and shouldn't be used.

Re:Simple under linux

[Dr_Barnowl]

Hah, hadn't realized that Blancco is apparently just the monetization of DBAN.