We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents.
Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.
This post is a part of a eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here
YOU HAVE DATA THAT A BAD GUY WANTS
Most people use their computers for more than “just email”. We use computers to help us with our taxes, buy goods online, interact with our banks, pay our bills, connect to social media, and store our personal photos. This means that our hard drive is likely to record our social security numbers, income, address, credit card numbers, personal account information, and keeps photos of ourselves, our friends, and family members. A modern hard drive paints— and stores—a fairly complete picture of our lives. One common myth we hear is “I’m not important enough to be interesting to a data thief.” There are many types of valuable data that are on your hard drive right now. Even if someone only uses a computer for email, an email address book is worth money. Combined with demographic information, email addresses become even more valuable. An identify thief, armed only with a compromised email account, can impersonate a victim and obtain increasing levels of access to other accounts. Many online accounts/ institutions often consider ownership of an email address to be a valid form of identification. A password to an email account grants access to social media sites, for example, where the attacker may learn answers to personal security questions, such as “mother’s maiden name” or “favorite pet”—information that can then be used to gain access on “more secure” websites, such as banks.
WHAT DID WE FIND ON THE DRIVES IN THIS YEAR’S STUDY?
We found everything a bad guy would want: Credit card numbers, Social Security numbers, tax records, addresses, birth certificates, college registration information, personal photos, and more. It’s lucky for the former owners of these drives that we’re the good guys. These drives and all copies of the data on them were securely erased after the examination.
This post is an excerpt from the white paper "Hard Drive Security Study".