Research carried out for Britain's Information Commissioner's Office (ICO) by NCC Group found that 11 percent of secondhand hard drives contain recoverable personal information belonging to the original owner.
A total of 200 hard drives bought from Internet auction sites and trade fairs were examined, and the results are quite shocking. 11 percent were found to contain personal information belonging to the previous owner, while another 37 percent had what is described as "non-personal" information. Only 38 percent of the drives had been properly wiped, while a further 14 percent were damaged and unreadable.
Of the data recovered, some 34,000 files were found to contain highly sensitive information, including scanned bank statements, passports, birth certificates, employee information, full bank details, family photos, and medical information.
According to Graham Cluley, senior technology consultant at security firm Sophos, "such incidents aren't always the fault of the company who owned the hard drives," and they could be the fault of a third-party organization used to handle the secure disposal of assets.
"But it's always us, the unfortunate member of the public," he adds, "who is most exposed by the sloppy practice."
I recommend three ways of erasing a hard disk drive (HDD). The first is to use a software solution such as DBAN to erase the drive. This method can be very time-consuming, and the drive has to be attached to a PC for the entire operation, which can last for hours. It is, however, cheap (the software is free) and a very effective way of erasing a hard drive.
Finally, there's the tried and trusted method of taking a hammer and a six-inch nail and hammering the nail through the drive a few times. Drives are actually quite soft and the nail goes through pretty easily. Just make sure to wear eye protection and gloves, and make sure that you don't nail the drive to your floor!
With dead drives, many times there's no alternative other than to use the hammer and six-inch nail method, as both the software and hardware erasure tools require a functioning hard drive.
Erasing solid state drives (SSDs) is a lot trickier. Unless the SSD is encrypted, the most secure file deletion method can leave more than 4 percent of the original data recoverable. If the drive is encrypted, then the best way to erase it is to delete the encryption keys from the Key Storage Area (KSA) and then overwrite the entire disk with a full DoD-compliant erasure tool. Consult your SSD or encryption utility's user manual for information on how to erase the KSA.