59 percent of secondhand hard disks sold on marketplaces like eBay are not properly wiped and still contain data from their previous owners, according to a new study by the University of Hertfordshire and commissioned by Comparitech.
We purchased 200 used hard drives from online marketplaces, secondhand shops, and conventional auctions: 100 in the USA and 100 in the UK. University researchers then performed forensic analysis to determine whether any attempt had been made at deleting the contents of the drive and whether those attempts were successful.
We uncovered a wide range of sensitive and private information left by previous owners. The remnant data included, among other things, employment and payroll records, family and holiday photos, business documents, visa applications, resumes and job applications, lists of passwords, passport and driver’s license scans, tax documents, bank statements, and lists of students attending senior high schools.
The information stored on the drives could be used by criminals for any number of purposes ranging from blackmail to identity theft.
Here’s a breakdown of the 200 hard drives analyzed:
- 26% were properly wiped and no remnant data could be recovered
- 26% had been formatted, but data could still be recovered with minimal effort
- 17% contained deleted data that could easily be recovered
- 16% of the hard disks appeared to have no attempt made to remove the data
- 16% were not accessible and could not be read
As we’ve found in previous studies, the problem is not that disks aren’t being wiped before resale, but that they aren’t being wiped properly. More on that below.
What data was recovered from the hard drives?
Researchers grouped the contents of the hard drives into five categories: photos, audio and video, sexualized content, personal documents, business documents, and CVs.
Photos and documents made up the bulk of the data recovered. Some notable examples include:
- Employer payment records
- Photos of soldiers in the Middle East
- Plans and documentation for Army barracks
- Visa applications for trips to China and India
- A debt collection notice
- Passport scans
- Driver’s license scans
- Expense returns
- Bank statements and utility bills
- A copy of a speeding citation for the US
- Intimate photos
- A spreadsheet with the names and personal details of 113 people
- Completed tax documents (P60, W-9)
- Employment applications and CVs
One notable trove that researchers unearthed included several documents from a senior high school including an annual performance report for the school, a list of student names, a letter from a special education supervisor with full contact details, daily bulletins naming staff, a faculty meeting agenda, a track team roster, and pictures of houses and possibly students.
All of that data was deleted—but not permanently wiped—from memory.
A mistake that researchers say is all too common.
US vs UK
An even number of drives were purchased for the study in the UK and US.
29 percent of the UK disks showed evidence of permanently removed data, compared to just 23 percent in the USA.
An equal number of drives from both countries showed no signs that any attempt was made to clear out old data.
In many cases, the drives had been formatted or deleted, but data was still recoverable. 37 percent of the UK drives were formatted compared to just 14 percent in the US. In contrast, American sellers were more than twice as likely to attempt simple deletion than UK sellers. In the end, neither approach worked.
Overall, data could easily be recovered from 54 percent of the US disks, and 63 percent of those from the UK.
Remnant data is a growing problem
Comparing the results from the hard drives purchased in 2018 to a similar study in 2007, researchers observed a rising trend in recoverable remnant data left on secondhand hard drives. Here’s a breakdown comparing the two studies, roughly a decade apart:
In 2018, far more disks sold on the secondhand market contained recoverable data from previous owners than in 2007. That being said, a much larger portion of the 2007 hard drives were unreadable altogether.
Why data remains on secondhand hard drives
Ignorance or apathy?
The majority of the hard disks examined in this study were purchased singly save for a small number of occasions when they were purchased in small lots as the seller had more than one card for sale at the same time. That tells us the problem is fairly widespread, and not from a single source.
Researchers say end users are still not well-informed enough on the risks of failing to permanently remove data from a hard drive before selling or discarding it.
“This study would indicate that despite the high level of media exposure of the issue and the advice from a range of sources from government, the news media and security product vendors, the sellers are either not aware of the warnings, not responding to them or disregarding them. While the sellers had, in some cases stated that the disks had been formatted or wiped, in other cases they had included a disclaimer saying that there may be data present and that the buyer should remove it.”
How to securely wipe a hard drive
The issue is not that secondhand sellers don’t attempt to wipe hard drives, it’s that they fail to do so properly, the report explains.
It’s an easy mistake to make if you’re not aware that:
- “Deleting” a file does not obliterate the ones and zeros that make up a file on a hard disk. It merely removes the reference point to where a computer can find the file. When you highlight a file and hit the Delete key, for example, the file will actually remain there until it is overwritten.
- “Quick formats” can also be inadequate, despite what some other sources may tell you.
- Retired cards need to be fully erased and reformatted. A full format is the best way to permanently wipe data from a hard drive.
Although none of the hard drives in this study were SSDs, researchers explain remnant data isn’t just an issue for traditional hard disks. SSDs also distribute data evenly over the entire disk so that they wear down evenly, which can exacerbate the problem.
Researchers say this study will be repeated in the future.
“The problems arising from the disposal of hard disks are only likely to increase as the size of the media continues to increase, and the potential grows for greater volumes of personal and sensitive data to be exposed.”
Read this guide if you want more details about how to securely wipe any hard drive, whether it’s Mac or Windows, iOS or Android, HDD or SSD.