Used hard drives a soft touch for fraudsters
The Information Commissioner’s Office (ICO) is urging consumers to take better care of their data, following an investigation into the trade in used hard drives. The ICO has published new guidance to help individuals securely delete personal information from their old devices.
An investigation by the ICO found that one in ten second-hand hard drives sold online may contain residual personal information. An ICO survey also found that 65% of British adults now hand on their old phones, computers and laptops to another user, with 44% giving them away to somebody else for free and around one in five (21%) selling them to somebody else.
The ICO asked a computer forensics company to source around 200 hard drives, 20 memory sticks and 10 mobile phones. The devices were mainly bought online from internet auction sites and some were sourced at computer trade fairs. The devices were then searched, initially without any additional software, and then interrogated using forensic tools freely available on the internet.
The research found that, while 52% of the hard drives investigated were unreadable or had been wiped of data, 48% contained information and 11% was personal data. The amount of personal data found on the mobile phones and memory sticks was negligible.
In total 34,000 files containing personal or corporate information were recovered from the devices. At least two of the hard drives contained enough information to enable someone to steal the former owner’s identity. The residual documents included scanned bank statements, passports, information on previous driving offences, and some medical details. A further four hard drives contained information about the employees and clients of four organisations, including individuals’ health and financial details.
All four organisations were contacted and have now taken action to ensure people’s information is securely deleted from redundant equipment, or the equipment is destroyed as necessary. One company has also signed an undertaking to introduce further improvements.
Announcing the outcome of today’s report, Information Commissioner Christopher Graham said: “We live in a world where personal and company information is a highly valuable commodity. It is important that people do everything they can to stop their details from falling into the wrong hands. Today’s findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices.
“Many people will presume that pressing the delete button on a computer file means that it is gone forever. However, this information can easily be recovered.
“The ICO has published guidance to help individuals securely delete information stored on their old devices. We hope this publication will help people to take better control of their personal data.”
We have also published a survey to coincide with the research project looking at people’s attitudes towards data disposal. The survey shows that 65% of people now hand on their old phones, computers and laptops to another user, with 44% giving them away to somebody else for free and around one in five (21%) selling them to somebody else. This figure rises to 31% of 18–24 year olds selling their mobile phone, computer or laptop to somebody else.
The survey also found that an alarming one in ten people who have ever disposed of a mobile phone, computer or laptop said that they had never deleted information held on a device before disposing of it, potentially allowing their data to be accessed by the next person who used it.
- View the ICO’s report on unscrubbed hard drives (pdf)
- Read the full results of the ICO’s survey into attitudes about data destruction (Excel file)
- Read the ICO’s advice for individuals on how to securely delete their information from an old device
If you require any guidance on IT security, please contact any of the team at BGP, or email us at firstname.lastname@example.org