Study reveals security risks of careless hard drive disposal

Many organisations are failing to erase confidential information from their computer hard drives before disposing of them, causing serious security risks, a university study has warned.

Ninety-two hard drives purchased from internet auction website eBay and computer fares were analysed by researchers from the University of Glamorgan who had no prior knowledge of where they had been purchased from or what they contained.

The research team, from the university's School of Computing, found that over half the disks contained information which identified the organisations (57%), identifiable usernames (53%) and personal information (51%), including employee contact details and national insurance numbers, VAT numbers and family information.

A fifth of the disks also contained important financial information, such as sales receipts and profit and loss reports.

There also appeared to have been unsuccessful attempts made to remove data from almost half (48%) of the disks.

A control group of drives, which were sourced from a company specialising in data destruction, were also used in the research – all had been wiped and were found to be clean.

Dr Andy Blyth, Principal and Head of the Information Security Research Group at the university, who headed the research team, described the results as "surprising". He said: "Companies have an obligation to dispose of data when it is no longer required and many of the organisations involved are now launching investigations in to how this information has ended up in the public domain. Such research can help improve security measures and stop this kind of infringement happening."

Dr Blyth warned that information left on hard drives could be used by criminals to commit crimes such as identity theft, extortion and blackmail. The best way to destroy information stored on the hard drive, he said, was to stick a large nail through the drive and physically destroy it.

The School of Computing regularly undertakes research on behalf of the police and high-tech crime units. The researchers have an established record in network security and data crime analysis.


Related UK National News Stories
Click here for the latest headlines.

22 November 2004
New info packs set to end 'shambolic' house-selling process
The new Home Information Packs will put an end to Britain's "shambolic" home-buying and selling process, the government has said today. From 2007 sellers or their estate agents will be required to have key information available at the start of the process of marketing their home.
26 August 2008
Sensitive Customer Data Sold On Auction Site
Bank details of over one million customers have been discovered on a computer sold on eBay. The PC - sold for £35 - had sensitive information on the hard drive, comprising bank customers' private information. The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers' details were involved.
30 October 2013
Numbers Taking Up NHS Stop Smoking Service Fall
New figures have shown an 11% drop in the number of people using the NHS in England to quit smoking. The Health and Social Care Information Centre data reveals the first fall in the use of the service for four years.
06 March 2009
ICO Seizes Covert Database Of Construction Industry Workers
An investigation by the Information Commissioner's Office (ICO) has uncovered a database containing details on 3,213 construction workers which was used by over 40 construction companies to vet individuals for employment.
10 October 2008
MoD Hard Drive Missing
A computer hard drive with 1.6 million pieces of private information about the armed forces is missing, the Ministry of Defence (MoD) has said. The names and personal details of around 100,000 serving personnel across the Army, Royal Navy and RAF are believed to be on the drive.