Sensitive data lurking on discarded hard drives

Hard drive with lost data

People are still leaving valuable and sensitive data on computers when they part ways with them, according to research.

According to researchers at the University of Glamorgan, a significant number of second hand computer hard drives contain personal and, in some cases, highly sensitive information that is readily accessible to their new owner.

The study was commissioned by BT and involved an analysis of over 300 computer hard disks bought in a range of countries through computer fairs, auctions, and eBay.

During their studies the researchers found data ranging from bank account details, to medical records, and - incredibly - launch information concerning a US military missile air defence system on a disk bought through eBay in that country. The same disk offered a bounty of extra information according to the researchers who explained that it also contained personal information on employees including their social security numbers.

Other disks offered material on large financial transactions, security protocols at a German embassy, and a peak behind the organisational curtains of a large UK fashion house.

Professor Andrew Blyth, who led the research at the University, said: "Of significant concern is the number of large organisations that are still not disposing of confidential information in a secure manner. In the current financial climate they risk losing highly valuable propriety data."

In fact, 34 per cent of the disks bought contained information relating to a business or an individual, a figure viewed as being way too high.

"This is the fourth time we have carried out this research and it is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks," added Dr Andy Jones, head of information security research at BT.

"For a very large proportion of the disks we looked at we found enough information to expose both individuals and companies to a range of potential crimes such as fraud, blackmail and identity theft. Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly."