- Security TWENTY
- Women in Security Awards
Have you ever thought of making extra money selling used hardware online? Whilst the idea of this sounds promising, it comes with a high risk of handing over your personal information, falling victim to cybercrime.
Blancco Technology Group recently produced a report which highlights the importance of taking precautions when selling used hardware online that could contain personal data. Details from the report were taken after analysing 159 drives that were purchased through various eBay platforms including the UK, US, and Germany. What were the findings? What is the likelihood of finding personal information on a used drive? The results found that a whopping 42%, nearly half of the drives, still held delicate data on them!
Astonishingly, the results showed that whilst sellers acknowledge the need to remove all data before thinking about re-selling a storage device, their chosen methods are far from adequate. This is confirmed as the report shows that approximately 15% of the examined drives still contained personally identifiable information (PII), despite sellers claiming they had ‘used sufficient sanitisation methods’ to ensure all data was removed. Personally identifiable information can be described as; information that can potentially be used as a way to differentiate one person from another. Certainly not data you want in the hands of a stranger.
“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data. By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members.” said Fredrik Forslund, VP of Blancco cloud and data erasure.
Sam Curry, chief security officer at Cybereason made the following statement, “The conventional best practices for securely decommissioning drives before disposal are to get professionals that you trust to really wipe and rewrite every trace ‘three times,’ which feels a little like overkill to laypeople. It does matter, though, when the data you have is in trust from and for other people.”
The detailed report has revealed that there is a clear misperception surrounding how to permanently remove data from a storage drive. Every seller believed they had removed all data from the storage drives they were reselling, where the examination shows how sensitive data was still stored on these devices.