Don't fall into this trap if you're selling an old hard drive
Make sure you securely wipe your disk before eBaying
A new study has shown that people selling on their old used hard drives or SSDs aren't taking the proper precautions to fully wipe their data from them, with the obvious danger that the buyer may be able to access their personal information – or indeed corporate data in some cases.
This revelation was made by Blancco Technology Group in a report entitled 'The Leftovers: A Data Recovery Study', which examined some 200 drives purchased from eBay and Craigslist (93% of those were hard drives, the remainder SSDs).
Blancco's digital forensics experts then set to work on the drives and were able to recover at least some residual data from no less than 78% of these pieces of hardware. 67% of the used drives held personally identifiable data, and perhaps even more worryingly, 11% of them still held sensitive corporate data that could be extracted.
The forensics experts were able to extract company emails from 9% of drives, spreadsheets including things like sales projections from 5%, and actual customer data from 3%.
As for the personal information gleaned, photos were recovered from 43% of the drives, social security numbers from 23%, financial data from 21%, and CVs from 10%.
That's a lot of potentially damaging information when it comes to both individuals and businesses.
Not really deleted
The problem here is that most people don't realise that deleting files (and then emptying the recycle bin) doesn't actually delete the data. It may be deleted as far as the OS is concerned, but the data remains on the physical drive until it's overwritten by fresh data.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
36% of the used drives simply had files deleted like so, but the most common method of wiping was actually a quick format, which the study found was employed in 40% of cases. But even formatting doesn't actually erase the data from the physical drive, and data is still potentially recoverable.
To ensure that data is truly obliterated from a hard drive or SSD, a secure data erasure method must be employed, which involves actively overwriting all traces of data (usually multiple times to make sure that nothing intelligible remains). Only 10% of the examined drives had been securely wiped.
Pat Clawson, CEO of Blancco Technologies, commented: "In even the most technology-inclined companies today, IT executives and CIOs often put most of their attention, resources and budgets towards tackling data security threats. Our study shows the dangers are just as precarious when data isn't securely and completely erased."
- Check out our best hard drive and SSD deals in June 2016
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
This tiny super cheap $13 PC is barely bigger than an adult pinkie finger and has no OS — and yet this hacker-friendly device packs a display, MicroSD card slot plus Wi-Fi connectivity
Hardware startup wants to solve the multi billion dollar problem of bandwidth by using an ancient technique — AI memory compression technique could save Google, Microsoft billions but Nvidia won't be happy