Varying amounts and types of residual data have been found on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and Gazelle.com.
Based on an examination of 122 pieces of second-hand equipment, 48 percent of the hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35 percent of the mobile devices.
Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals.
The residual data left on two of the second-hand mobile devices were significant enough to discern the original users’ identities. Whether it’s a person’s emails containing their contact information or media files involving a company’s intellectual property, lingering data can have serious consequences.
“Most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren’t always effective at removing data permanently and they don’t comply with regulatory standards. There’s no better example of this danger than the findings of a recent state audit, which found that 12 US state agencies responsible for handling taxes, programs for people with mental illness and driver’s licenses used inadequate methods to attempt to wipe information,” said Paul Henry, IT Security Consultant for Blancco Technology Group.
Additional findings from the study include:
Basic file-deletion commands leave hard disk drive users with a false sense of security. On four of the drives containing residual data, or 11 percent, only a basic delete was performed, meaning that the user simply deleted the file or sent it to the recycle bin. This left 444,000 files exposed.
‘Quick format’ and reformatting are common, but unreliable, tactics to wipe personal information clean from old hard drives. Our analysis showed that ‘quick format’ had been performed on 61 percent of the drives with data still present.
Data is difficult to delete and can easily resurface after mobile devices are resold. Fifty-seven percent of the mobile devices with residual data found on them had a deletion attempt made on them, which left 179 texts, 252 instant messages, 75 large photos and two SMS messages exposed.
Leftover emails, text messages and instant messages can cause personal, financial and reputational damage to users and their employers. A total of 2,153 emails and 10,838 texts/SMS/instant messages were retrieved from the mobile devices analyzed.