The UK's Information Commissioner's Office (ICO) reports that a study of 200 used hard drives by computer forensics company NCC Group found that one in 10 second-hand hard drives being sold online contain "residual personal information."
While 52 percent of the hard drives that NCC Group examined were unreadable or had been wiped of data, 48 percent contained information, and 11 percent was personal data. At least two of the drives contained enough data to steal the former user's identity.
"Among the 34,000 files found were scanned bank statements, passports, information on previous driving offences and some medical details," BBC News reports. "Four of the hard drives came from organisations rather than individuals and contained information about employees and clients, including health and financial details."
"We live in a world where personal and company information is a highly valuable commodity," Information Commissioner Christopher Graham said in a statement. "It is important that people do everything they can to stop their details from falling into the wrong hands. Today’s findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices."
"The ICO published a list of guidelines to help people effectively wipe their hard drives; tips include physical destruction, secure deletion software, reformatting, sending a drive to a specialist, and restoring a drive to its factory settings," writes SecurityNewsDaily's Matt Liebowitz.
"Although more and more companies do take a higher level of care when getting rid of old computer equipment, there's clearly still more work to be done," notes Sophos' Graham Cluley. "And don't forget, on a personal level, when throwing out your creaky old Windows computer or Mac laptop, to ensure that you have securely wiped it first to prevent your personal data falling into the wrong hands."