InfoSec 2012: One in 10 second-hand hard drives contain personal data

[InfoSec News <alerts () infosecnews org>]

http://news.techworld.com/security/3353817/infosec-2012-one-in-10-second-hand-hard-drives-contain-personal-data/

By Sophie Curtis
Techworld
25 April 2012

The Information Commissioner’s Office has published a report revealing 
that one in ten second-hand hard drives sold online contains residual 
personal data, with some containing scanned bank statements, passports, 
information on previous driving offences, and medical details.

The report is based on a “mystery shopper” exercise carried out by NCC 
Group on behalf of the ICO. The organisation sourced 200 hard drives 
from a mixture of internet auction sites and computer trade fairs. The 
devices were initially searched without any additional software, and 
then interrogated using forensic tools freely available on the internet.

The research found that, while 52 percent of the hard drives 
investigated were unreadable or had been wiped of data, 48 percent 
contained information and 11 percent of that data was personal. In at 
least two cases the hard drives contained enough information to enable 
someone to steal the former owner’s identity.

“We identified 34,000 files containing either personal or corporate 
information – ample material to compromise the security of individuals 
and to allow fraud to take place,” said Information Commissioner, 
Christopher Graham, in a keynote session at the Infosecurity Europe 
event.

[...]

_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org