More than 50% of storage devices for resale contain Personally Identifiable Information (PII), study finds
Before reselling a device with any type of storage (for example a PC, laptop, used hard drive, smartphone, tablet, USB stick, copier machine, or any other storage device, including those in IoT equipment), you should make sure that all of your data is thoroughly wiped from the device.
But research has found that people around the world tend to neglect this step and fail to appreciate the seriousness of a data breach. There are companies that purchase more than 150 storage devices from many countries, including the United States, the United Kingdom, Germany, India and Finland.
They found that 42% of those devices contained sensitive data, and 15% contained personally identifiable information (PII), like email addresses, photos, passport scans, emails, university papers, and much more. There could be Personal Healthcare Information (PHI) and financial data as well, including Aadhaar card number, bank account number, routing number, or Social Security Number.
Although people think that deleting data is enough for what is called data sanitisation, Proton says that these methods are clearly inadequate. Deleting a file or formatting the media simply erases the envelope header or index addresses. The data remains on the media, where it can be accessed by unauthorized parties. This is like removing the address from an envelope containing sensitive information and handing it over to unwanted recipients. NIST recommends hard and soft erasure combined with physical destruction.
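The difference between deleting and overwriting described above, as an added example that is not from the original article. The `ToyVolume` class, the block size and the sample text are constructed assumptions: delete drops only the index entry, and a raw scan still finds the e-mail address until every block is overwritten.

```python
import re

BLOCK = 512  # bytes per block in this constructed toy volume
EMAIL = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class ToyVolume:
    """Constructed model (an assumption): an index plus raw data blocks."""

    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)  # the "media"
        self.index = {}                       # name -> (offset, length)
        self.next_free = 0

    def write(self, name, data):
        offset = self.next_free
        self.raw[offset:offset + len(data)] = data
        self.index[name] = (offset, len(data))
        # Advance to the next block boundary.
        self.next_free = offset + -(-len(data) // BLOCK) * BLOCK

    def delete(self, name):
        # Ordinary delete or quick format: only the index entry goes away.
        del self.index[name]

    def overwrite_all(self):
        # Overwrite-style erasure: every block is rewritten, allocated or not.
        self.raw[:] = bytes(len(self.raw))
        self.index.clear()


def residual_report(raw):
    """Scan the raw media, ignoring the index, for leftover data and e-mail addresses."""
    nonzero = sum(1 for i in range(0, len(raw), BLOCK) if any(raw[i:i + BLOCK]))
    emails = sorted({m.decode() for m in EMAIL.findall(bytes(raw))})
    return {"nonzero_blocks": nonzero, "emails": emails}


def demo():
    vol = ToyVolume()
    vol.write("paper.txt", b"Submitted by student@example.edu, grade A")  # constructed sample
    vol.delete("paper.txt")
    index_after_delete = dict(vol.index)      # empty: the file "looks" gone
    after_delete = residual_report(vol.raw)   # but the bytes are still on the media
    vol.overwrite_all()
    after_wipe = residual_report(vol.raw)
    return index_after_delete, after_delete, after_wipe
```

The same kind of raw scan, run against an image of a drive after it has been erased, is a simple pre-sale check that nothing readable remains.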
“Selling old hardware online might feel like a good option, but the truth is, it builds a serious risk of exposing sensitive data,” says Proton Research & Development, as quoted by its VP Ryan Lobo.
“If these hardware devices fall into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members.”
“There has always been confusion around the right methods of data erasure, as everyone assumes the data to have been permanently deleted. It's important to securely erase any data on drives before selling them or discarding them.”
Personally identifiable information (PII) found on the devices includes:
1. A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records
2. University student papers and associated email addresses
3. Archived internal office email up to 5GB from a major travel company
4. Almost 3GB of data from a cargo/freight company, along with schedules, truck registrations and documents detailing shipping details
5. Company information from a music store, containing more than 32,000 photos
6. School data, including photos and documents with pupils’ names and grades.
To help keep crucial data from falling into the wrong hands, Knitlogix has come up with degaussing solutions that make data irrecoverable and safe to discard. For more free information and custom solutions, reach out to a Data Security Consultant at www.knitlogix.com, practicing data security as per NIST, GDPR, India IT Act and DoD standards in global data security.