Second Hand Drives, First Class Data !
Disposing of old Gadgets? Safeguard your Personal & Confidential Data first
A new Stellar data recovery study reveals hard disk drives available on classifieds websites contain high-risk data
We are all saddled with an inventory of old hard disk drives coupled with an urge to quickly get rid of the same by selling them off on popular online sites. We believe that by formatting our Drives, we have taken the requisite precautions for securing data privacy. But is this sufficient? A recent analysis done by Stellar Data Recovery reveals that hard disk drives available on second-hand marketplace sites contain a significant amount of confidential data. For the sample collected, sensitive data was uncovered in 100% of cases.
As part of the study, multiple hard disk drives were purchased from India’s leading online platform which facilitates buying and selling of second-hand products. The data from these drives was then recovered using simple Do It Yourself software Recovery Tools available online. For all such cases where the data was not securely erased, the data recovery was accomplished easily within a day.
Most consumers in India are unaware that data can be recovered from their legacy drives and mobiles and steps like formatting are not enough for ensuring data privacy. Consequently, there is a grave risk of private and confidential data from these legacy devices being passed onto the buyer of such devices. The study further reveals that the vast majority of Indians are still unfamiliar with data sanitization methods; often referred to as data erasure methods, data wipe methods, wipe algorithms, and data wipe standards. The drives purchased for this study were formatted but not wiped using any correct method and after running ‘data recovery software,’ huge data contained in files were recovered.
Data Recovered
BUSINESS/CORPORATE
- Company profit and loss statement
- Year-wise sales statements
- Advertisement and hoarding designs and templates
- Dispatch and shipment plans of the company
- Company logos, letterhead templates, and designs
- Company event collaterals like seminar and conferences brochures and catalogs
- Customer database of information like name, phone no, and email id
- Corporate company PPT’s with company brief
- Company Marketing and sales presentations
- Company newsletters, fact sheets
PERSONAL
- Personal information like name, phone no. and email id
- Credit Card Details, Bank Account Statements
- Personal Health Data
- Personal trip photos with family
- Movies, Videos, Song collection
MISCELLANEOUS
- Educational collaterals like test papers, thesis, and periodicals
- e-books on gardening
- Academic coursework related to organic chemistry
EMAILS
- PST Files
EXPLICIT Data
- Porn Videos
OTHERS
- PDF marketing design files
In one such hard disk drive, the comprehensive business details of an Automotive showroom, including monthly sales, historical sales records, pricing list, feedback forms, and complete customer information comprising names, addresses, and contact numbers was identified.
In another startling case, the extensive personal information comprising the name, age, date of birth, phone contact list, bank statement, credit card statements, personal photographs, pirated software, music, and videos were recovered. A huge amount of critical and sensitive data which includes official data like Accounting data, Tally® files, corporate presentations, design files, and invoices have also been recovered. The study highlights that individuals are not the only ones at risk for identity theft, the companies are at an increased risk as well.
While disposing of their old gadgets like hard disk drives or else mobiles, consumers, both individuals and corporates alike, unknowingly risk passing their most sensitive data to strangers, hackers, and cybercriminals when they discard these drives. This grave risk exists till the data is not securely erased by a certified data eraser software. Companies spend billions of dollars to secure their network and keep the information confidential however they can end up in a total business loss situation when the disposed old drives with insecure erasure are misused by cybercriminals.
In the case of individuals, thanks to the proliferation of electronic gadgets, we all have a habit of saving passwords for personal bank accounts, personal health records, and e-mails on hard drives. The leakage of such sensitive information is a grave threat to your identity and your data privacy.
Imagine losing your Honeymoon photos, private videos, or family vacation videos to a cybercriminal. A huge amount of sensitive information can be recovered from these. As an illustration, most of our photos and videos contain very specific geolocation data and we can also uncover when these were taken, in other words not only the photos or videos themselves but also the accompanying information of location and time can be shared with the entire world, taking your privacy for a toss.
Worse, imagine your credit card details being available along with your identity documents, these two coupled together can lead to your entire credit limit being wiped off immediately with funds withdrawn with explicit and malafide intent.
Consequently, over 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws that prohibit the disclosure or misuse of information about private individuals.
For any business customer data and business, data forms the core of operations, loss of these to hackers or cybercriminals will result in wiping off the entire business. Imagine the Profit and Loss account of an unlisted company being made public or worse still, imagine confidential bank/account details becoming public. In such cases, the company stands to lose not only its business but also credibility in the market.
Illustration of personal identity cards being available from the old/used Hard Disk Drives:-
The study also highlights two of the most glaring loopholes in the prevailing context;
- No privacy-specific precautions are taken by sellers while selling their used device online
- No type of secure deletion process is used by either the individuals or the online marketplace running such a multi-seller-buyer platform
In light of the above findings, it is strongly recommended to take the following basic tips to protect data privacy
- Backup your data- Be sure to have an up-to-date backup of all the important files and data in another device.
- Trust the experts- To prevent any privacy leakages, it’s critically important to look for an expert in the data erasure domain.
- Use a DIY certified software- securely wipe a hard drive to ensure all of your data cannot be recovered. The latest advancement ‘plug and play software’ Bitraser® Drive Eraser software is the most convenient yet powerful privacy solution for all devices.
- A sustainable way of data deletion- Erasing data using regulatory compliance software is a sustainable technique for physically destroying the storage media.
This eye-opening study now mandates the need for consumer awareness for both individuals and businesses alike, about their own Data Privacy and the need to adopt proper and secure data erasure techniques before discarding legacy gadgets; this is a prerequisite to keep cybercriminals at bay.
For additional information and insights about this study, please reach out to us at pr@stellarinfo.com
Thanks for this information, it’s really helpful to me.
Thanks for reading our blog.