
Researchers have been conducting the annual study, called "The analysis of information remaining on disks offered for sale on the second-hand market," since 2005.
They analysed used hard drives obtained in second-hand markets and found that the majority of the disks contained sensitive data, Glenn Dardick, study researcher and assistant professor of information systems at Longwood University in Virginia, told SCMagazineUS.com on Wednesday.
Each year, researchers have discovered Social Security and bank account numbers on the used machines. They also have ound government information, patient medical records, court-sealed documents involving child abuse and wills of deceased people, Dardick said.
The research team includes Durdick, Andrew Jones, head of information security research at U.K.-based British Telecommunications; Craig Valli of Edith Cowan University in Australia and Iain Sutherland of the University of Glamorgan in the U.K. The ongoing research is expected to be published in the International Journal of Liability and Scientific Enquiry.
Dardick said he obtained many of the hard disks he studied on eBay. Others were purchased in private stores. They came from the U.K., North America, Germany, Australia, Europe and Asia.
Researchers found that one-third of the disks they analyzed this year had been wiped clean, as opposed to 45 percent last year.
Dirdick said he hopes the study will illustrate that companies should expunge hard drives of sensitive data before getting rid of them. Additionally, it highlights the need for asset control within companies, he said.
“Companies have to be held accountable for where they stored customer data and where it's held today,” Durdick said.
See original article on scmagazineus.com