We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents.
Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.
This post is a part of a eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here
HISTORY OF DRIVE PURCHASES FROM EBAY
On three separate occasions, we purchased used hard drives on eBay to see what data were being left on them after sale. We quickly found tax documents from (with salary, SSN, address, etc.), legal records (including a lawyer’s drive, with information about clients), vast amounts of email and personal photos, and trails of web surfing. When a drive contained data, it often contained information about several people (and email addresses of their contacts). By viewing the data we can often determine the drives’ original owners—they were a range of corporate, legal, and end user.
The purpose of this paper is to promote personal hard drive security, and to discuss why everyone should think about what happens to their old hard drive when upgrading to a new computer. This paper includes the study of a purchase of 20 used hard drives on eBay, looking for data that was accidentally sold along with them. This is the third paper in the last seven years that has studied used disk drives purchased from eBay. In all three studies, we found data that would be considered extremely valuable to their owners—including complete tax records, privileged attorney/client information, scans of completed federal forms, and more. Finally, this paper discusses how to properly erase a hard drive and highlights some common ineffective methods.
This post is an excerpt from the white paper "Hard Drive Security Study".