Businesses and individuals are dumping hard disks with large amounts of data still on them, leaving the door open for identity theft, commercial sabotage or political compromise, a yet-to-be-released study has found.
Researchers have been conducting the annual study, called "The analysis of information remaining on disks offered for sale on the second-hand market," since 2005.
They analyzed used hard drives obtained in second-hand markets and found that the majority of the disks contained sensitive data, Glenn Dardick, study researcher and assistant professor of information systems at Longwood University in Virginia, told SCMagazineUS.com on Wednesday.
Each year, researchers have discovered Social Security and bank account numbers on the used machines. They also have found government information, patient medical records, court-sealed documents involving child abuse and wills of deceased people, Dardick said.
The research team includes Dardick, Andrew Jones, head of information security research at U.K.-based British Telecommunications; Craig Valli of Edith Cowan University in Australia and Iain Sutherland of the University of Glamorgan in the U.K. The ongoing research is expected to be published in the International Journal of Liability and Scientific Enquiry.
Dardick said he obtained many of the hard disks he studied on eBay. Others were purchased in private stores. They came from the U.K., North America, Germany, Australia, Europe and Asia.
Researchers found that one-third of the disks they analyzed this year had been wiped clean, as opposed to 45 percent last year.
Dardick said he hopes the study will illustrate that companies should expunge hard drives of sensitive data before getting rid of them. Additionally, it highlights the need for asset control within companies, he said.
“Companies have to be held accountable for where they stored customer data and where it's held today,” Dardick said.