I read the shocking news that 11% of used hard drives in the UK contain recoverable personal data.
What’s shocking, of course, is that it isn’t much higher.
A couple of years ago, I strolled into work on a Monday. My former coworker Rich greeted me as I walked in the door and asked how my weekend was.
“I scored a 320 GB external hard drive for five bucks at an estate sale.”
“Ah,” he said, raising an eyebrow. “Find any PII on it?”
He was testing me. PII is security babble for personally identifiable information. Keeping that kind of stuff out of the hands of strangers is a good thing.
And the answer? Of course I found PII on it! I found what claimed to be a resume, a few other word processing files, and an MP3 copy of Message in a Box by The Police.
I don’t have a large sample size, but half the drives I’ve bought that way had that kind of stuff on them. On the other half, the people had used a system restore disc to revert the drive to a factory Windows installation. That’s better, but a snoop could still recover some old data from it.
I can only conclude that a fairly high percentage of people who resell hard drives clean them before reselling them.
Contrary to popular belief, a product like Darik’s Boot and Nuke doesn’t clean a drive to DoD standards. The DoD physically destroys hard drives containing classified information. Even so, overwriting data about seven times is good enough for personal use, even if it’s not good enough for the DoD anymore. So if you’re disposing of a drive, or if you make extra money by reselling secondhand drives, you should keep a copy of Darik’s Boot and Nuke on hand and use it.
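One way to check a drive before it leaves your hands, written as an added example rather than anything from the original post: scan the raw device or an image of it, sector by sector, for data that survived and for well-known file headers. The signature list, function names and the sample image are assumptions made for illustration.

```python
import io

SECTOR = 512
# Well-known file magic numbers. The 3-byte ones can match random data by
# chance, so expect a few false hits on a large drive wiped with random passes.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 (legacy .doc/.xls)",
    b"PK\x03\x04": "zip (.docx/.xlsx)",
    b"\xff\xd8\xff": "jpeg",
    b"ID3": "mp3 (ID3 tag)",
}

def audit(stream, sector=SECTOR):
    """Scan a raw device or image; return (total, nonzero, hits)."""
    total = nonzero = 0
    hits = []
    while True:
        block = stream.read(sector)
        if not block:
            break
        if block.count(0) != len(block):  # sector still holds some data
            nonzero += 1
            # Files start on sector boundaries, so check the sector's first bytes.
            for magic, kind in SIGNATURES.items():
                if block.startswith(magic):
                    hits.append((total * sector, kind))
        total += 1
    return total, nonzero, hits

def constructed_image(wiped):
    """Constructed 16-sector sample: leftover file headers, or zero-filled."""
    img = bytearray(16 * SECTOR)
    if not wiped:
        img[3 * SECTOR:3 * SECTOR + 8] = b"%PDF-1.4"
        img[5 * SECTOR:5 * SECTOR + 8] = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
        img[9 * SECTOR:9 * SECTOR + 3] = b"ID3"
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    for label, wiped in (("factory-restored", False), ("overwritten", True)):
        total, nonzero, hits = audit(constructed_image(wiped))
        print(f"{label}: {nonzero}/{total} non-zero sectors, {len(hits)} file headers")
        for offset, kind in hits:
            print(f"  offset {offset}: {kind}")
```

To check a real drive, pass `audit` the device or image opened in binary mode. A wipe that ends on a random pass leaves every sector non-zero, so in that case the header count is the number to watch.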