Selling an old computer on eBay? You may also be giving away data you thought you erased
You're donating an old computer storage drive or putting one up for sale on eBay. But first, you erase all the data.
Or so you think.
Researchers teaming up from a data erasure and mobile security firm Blancco and a data recovery company Ontrack found otherwise.
The companies purchased 159 drives at random on eBay, a mix of hard drives and flash (SSD) drives.
After applying data recovery tools to those drives, they found that 42% of them had at least some data. Even more concerning, about 3 out of every 20 of the drives had personally identifiable information, including scanned images of passports and birth certificates, as well as financial records.
Some of the drives also included corporate data. One had 5GB of archived internal email messages from a major travel company, and another, 3GB of shipping details and other data from a cargo/freight company. A third drive included data from a software developer that had what was described as a "high level of government security clearance."
How could this happen? Rarely does a consumer looking to purge a drive go to the trouble of hiring a firm such as Blancco to remove data. In fact, Blancco's customers tend to be larger enterprises or governments.
Instead, consumers who even bother to remove data from their drives either delete certain files individually, or attempt to reformat that drive, thinking any existing files may be overwritten.
But "formatting is not the same thing as removing data," says Fredrik Forslund, vice president of cloud and data erasure at Blancco, who adds that there are two ways for doing so in Windows—a quicker less secure method and way deeper format method. But even deep formatting, he says, leaves some data behind, where it could be surfaced by an individual or company with the proper recovery tools.
Forslund suggests downloading and running free "open source" software online called DBAN, which Blancco supports financially, though the company claims not to profit from them.
But there are many other available tools, CCcleaner, Parted Magic, Active Kill Disk, and Disk Wipe, among them.
You can, of course, continue to manually delete files of sensitive documents or pictures, keeping in mind that doing so isn't foolproof either.
"It's like reading a book and removing the table of contents or the pointer in the file system to that file," says Forslund. "But the entire data in that file remains on the hard drive so anyone can download freeware recovery software, run it, and get all the data back."
The other thing you might do is consider your risk. Are you likely to be targeted? Does your drive have personal stuff blended with stuff from your employer?
Even with tiny odds, consider how you'd react if private or sensitive information were to leak. And Forslund says bad actors do purchase second-hand equipment as "a good source of creating an opportunity as an attack towards a company where you might be working."
(c)2019 USA Today
Distributed by Tribune Content Agency, LLC.