You’re donating an old computer storage drive or putting one up for sale on eBay. But first, you erase all the data.
Or so you think.
Researchers teaming up from a data erasure and mobile security firm Blancco and a data recovery company Ontrack found otherwise.
The companies purchased 159 drives at random on eBay, a mix of hard drives and flash (SSD) drives.
After applying data recovery tools to those drives, they found that 42% of them had at least some data. Even more concerning, about three out of every 20 of the drives had personally identifiable information, including scanned images of passports and birth certificates, as well as financial records.
Some of the drives also included corporate data. One had 5GB of archived internal email messages from a major travel company, and another, 3GB of shipping details and other data from a cargo/freight company. A third drive included data from a software developer that had what was described as a “high level of government security clearance.”
How could this happen? Rarely does a consumer looking to purge a drive go to the trouble of hiring a firm such as Blancco to remove data. In fact, Blancco’s customers tend to be larger enterprises or governments.
Instead, consumers who even bother to remove data from their drives either delete certain files individually, or attempt to reformat that drive, thinking any existing files may be overwritten.
But “formatting is not the same thing as removing data,” says Fredrik Forslund, vice president of cloud and data erasure at Blancco, who adds that there are two ways for doing so in Windows – a quicker less secure method and way deeper format method. But even deep formatting, he says, leaves some data behind, where it could be surfaced by an individual or company with the proper recovery tools.