We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents. 

Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.

This post is a part of a eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here

DON'T BE VICTIMS OF DATA THEFT!

With today’s used hard drive market, it is still easy for a data thief to target and recover valuable data—about as easy as it has been since our first study in 2007. Half of the drives that we purchased for all three studies combined contained interesting data. Even though the solution is simple—to perform a complete one-pass write over the hard drive (called a wipe), there continues to be reasons why people don’t do it. We believe the reasons are threefold:

• Lack of awareness about where old hard drives go when they’re not needed any more—many IT shops may resell them

• A socially lax attitude: i.e. “old data isn’t important anymore”

• Lack of knowledge about how to erase a drive properly

Selling a used hard drive can be a good idea. For that to be considered a “safe” practice, there needs to be an increased level of awareness among users and vendors alike. Every computer user has a responsibility to make sure their drives are wiped correctly before they sell it. A common way drives are sold without being wiped occurs when users fail to know what a PC repair technician does when they “recycle” old equipment. In cases like these, users should ask what the policies about used hard drives are, and consider performing a proper erasure themselves.

This post is an excerpt from the white paper "Hard Drive Security Study".