Latest news
One in ten secondhand hard drives contains residual personal data of its previous owner, revealed an investigation commissioned by the UK Information Commissioner's Office and executed by IT assurance company NCC Group.The company bought 200 hard drives, 20 USB memory sticks and 10 mobile phones through Internet auction sites and at various trade fairs, and analyzed its contents first by taking a simple look and then by employing forensic tools that anyone can download from the Internet.
And while the results of the analysis of the memory sticks and mobile phones revealed that most of the data has been securely wiped before the sale, the analyzed hard drives were teeming with data.
It's interesting to note that only 38 percent of the tested drives had been actually wiped, and 14 percent to damaged to be readable.
Unfortunately, 11 percent of them contained personal information, and 37 percent carried non-personal information.
All in all, some 34,000 files containing personal or corporate information was retrieved from the discs, and that included files with employee information, bank details, tax information, job applications, family photos, scans of sensitive documents such as passports and bank statements, and more.
"Today's findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices," Information Commissioner Christopher Graham commented on the results.
"This isn’t a case of scaremongering, or using sophisticated techniques only available to large organizations," said Paul Vlissidis, technical director at NCC Group. "We purposefully used simple, easily sourced forensics processes and tools, to demonstrate that any information we accessed could also easily be stolen by people of criminal intent. It's sobering to think that nearly half of the used devices on the market contain personal information up for grabs."
"Ultimately, there’s a huge amount of information being stored that is potentially damaging in the wrong hands. To protect both personal and corporate data, it’s essential that people become better educated about securely wiping devices, which is what this research is intended to highlight.”
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
