Dire data destruction creates security nightmare

Powered by SC Magazine

Organisations are putting themselves at risk by not properly deleting files before selling on old computers according to new research.

A study from the University of Glamorgan suggests that valuable information is easy to find on computers that have not had their files erased properly.

The survey of 111 hard drives, bought from internet auction sites, uncovered financial accounts, school records and personal information.

Andrew Jones, research group leader of BT's Security Research Centre, who analysed the hard drives, said the problem was businesses not understanding the complex procedures needed to properly delete computer files. Moreover, they could be entering a legal quagmire.

"Companies believe they have the infrastructure in place to deal with these problems, but they haven't checked policies to make sure they work," he said. "Companies are not fulfilling statutory obligations under such acts as the Data Protection Act or Sarbanes-Oxley and Gramm-Leach-Bliley."

Beyond the possible legal implications of this some industry experts argue that companies not properly deleting files could leave themselves open to some form of attack.

"Failing to completely erase information before reselling computers can easily come back and create even more headaches for businesses," said Arthur Barnes, principal consultant, at secure technology company Diagonal Security. "It could provide would-be hackers with company passwords which can compromise the organisation, or sensitive personal information which can create opportunities for identity theft."

Jones disputed any suggestion that criminals are targeting discarded computers but believes if they did, it would be easy to get potentially harmful information.

"It is ridiculously easy to find information on these disk with nothing more complicated that the Windows operating system and a hex editor," he said.

Jones added that hard disks should be crushed or melted down rather than using software tools. "Most of those on the market do not effectively destroy data."

Some of the more interesting findings the university made include school reports, psychological information and details of a married woman's affair.


Copyright © SC Magazine, US edition

Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.