We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents.
Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.
This post is a part of a eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here
THE LAWYER’S DRIVE
Of all of the drives in the 2014 study, one stood out from the rest. The original owner of the drive was a lawyer, and we have no doubt that his clients would be upset to learn that the person they hired and trusted to keep their information private and secure failed to do so. The lawyer, in turn, would likely be upset that the PC shop that had his hard drive, sold it without erasing it properly. A lot of the data on this hard drive was about the lawyer’s family and legal business, but it also included documents about clients and their legal cases. On the first attempt, this hard drive appeared to be nonfunctional—the drive would click instead of mounting. We found that the drive would function properly only if oriented upside-down; when a hard drive is having a hardware failure it can help to return it to the orientation it was most used in order to recover data. Here’s a brief list of what we found on that one hard drive:
• The lawyer’s wife’s W2s—including SSNs and income information
• His completed, signed, and scanned 1040 tax return • A signed—but otherwise blank—power of attorney form
• A scan of a police-issued ticket to the lawyer’s son on possession of marijuana
• Records indicating his son’s commitment to a rehabilitation center, including bills, receipts, and detailed weekly progress reports
• Scans of handwritten letters from the son back to home
• Debt reduction information with a certain bank, including detailed lists of assets, such as specific stock holdings, owned by the hard drive owner
• Scans of the drive owner’s driver license
• The drive owner’s credit card numbers (with expiration date and CSV) on hand-written and scanned documents
• And finally, volumes of client data (judge orders, motions filed, etc.) in more than 500 PDFs and 500 word documents A majority of this drive went unchecked, as there was no point to continue—clearly there was a lot of damning information.
This post is an excerpt from the white paper "Hard Drive Security Study".