Sites like eBay and Craigslist are reselling electronics with your personal data still on them
Do you have old hard drives you want to sell or get rid of? Chances are you’ll leave private information on them once you hand them over.
More than two-thirds of hard drives and solid state drives (a faster type of hard drive) that are re-sold on eCommerce sites eBay and Craigslist still have personal information left on them. According to a study by the Blancco Technology Group — a technology repair and security company — one-third of the drives showed that users tried to delete information by using the Recycle Bin or delete button, but personal data was still found.
You can’t trust anybody to properly wipe them for you, either. In the study, 200 used hard disk drives and solid state drives were purchased from eBay and Craigslist. Digital analysts recovered personal data from 78 percent of the drives.
“The study’s findings reiterate just how easy, common and dangerous it is when businesses buy back and/or resell used electronics without properly wiping all data from them,” Blancco says. “Failing to wipe drives clean before they are resold, repurposed or recycled can cause irreparable damage to customer loyalty, brand reputation and sales, both near-term and long-term.”
What exactly is “personal data?”
Among the findings, 67 percent of the drives had personally identifiable information still on them, including:
- Photos (43 percent)
- Photos with geolocation data attached (24 percent)
- Social Security information (23 percent)
- Financial data (21 percent)
- Resumes (10 percent)
“These types of files contain all of the information needed for a hacker to go in, steal the information and then perpetrate identity theft and fraud,” says Paul Henry, a digital forensics expert who analyzed the data. “In a world where money rules, this could have devastating effects for individuals because it could not only rob them of their hard-earned money, but it could also hurt their chances to get approved for financing, mortgage loans and so much more.”
When “delete” doesn’t actually delete
According to the study, many users who tried to delete information off the drives had used the Recycle/Trash Bin or another type of delete button. Because of this, users are unaware of the difference between “erase” and “delete.”
The study found only 10 percent of the drives had a secure data erasure method performed on them. Because so few users know about proper deletion methods — or all the locations where their files are stored — many people are leaving themselves vulnerable to identity theft. Businesses that dump old drives and devices are also making their current or former employees vulnerable to identity theft by not properly wiping drives.
How to delete your personal information off devices
When you are getting rid of personal paper documents, it’s helpful to shred the paperwork in order to protect yourself against identity theft. But what if you’re getting rid of devices, not papers?
1. Back up files — Make a copy of all the information you want to keep and place it somewhere other than the device you’re tossing, usually another drive or on the cloud.
2. Choose the best remover — If you have personal information, especially financial data, you can use a certified refurbisher, like this one from Microsoft.
3. Do it yourself — There are some software options for thoroughly erasing the information yourself, including free options like Active@ KillDisk and Softpedia. If you’re wiping smartphones or gaming consoles, Microsoft suggests using a certified refurbisher.
4. Stop theft before it starts — Our education center describes what exactly identity theft is, how to prevent it, and how to report it if it happens. Learn about the precautions you should be taking, and ways to minimize the impact — because it will eventually happen to you.