Study finds data on used electronics resold online

A new global data security study from Blancco Technology Group, Atlanta, and Kroll Ontrack, Minneapolis, found varying amounts and types of residual data on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and Gazelle.com. The study also found that residual data left on two of the secondhand mobile devices were significant enough to discern the original users’ identities. 

The study examined 122 pieces of secondhand equipment, including hard disk drives, solid state drive and mobile devices, purchased in the U.S., Germany and the U.K. between May 2015 and August 2015. It found that 48 percent of the hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35 percent of the mobile devices, according to the study.

A deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data, according to the study’s sponsors. “Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable, methods used, leaving sensitive information exposed and potentially accessible to cyber criminals,” the companies note in a news release announcing the study’s findings.

Paul Henry, IT (information technology) security consultant for Blancco Technology Group, says, “Whether you’re an individual, a business or a government/state agency, failing to wipe information properly can have serious consequences.”

Henry continues, “One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren’t always effective at removing data permanently, and they don’t comply with regulatory standards. There’s no better example of this danger than the findings of a recent state audit, which found that 12 U.S. state agencies responsible for handling taxes, programs for people with mental illness and drivers’ licenses used inadequate methods to attempt to wipe information.”

He adds, “The big lesson for both businesses and consumers is to understand which deletion methods are effective and comply with regulatory standards and, most importantly, to be cautious of blindly trusting that simply ‘deleting’ data will truly get rid of it for good.”

According to Blancco and Kroll Ontrack, the study’s findings “serve as a powerful warning about the importance of using effective data erasure methods and the need to mitigate security risks that may occur when done improperly or incompletely.”

Todd Johnson, vice president of Data Recovery Operations, Kroll Ontrack, says, “Manually deleting data or simply logging out of a mobile device app does not erase data from the device. Deleting data simply hinders the ability for the mobile device to locate the data—the actual data still remain and can be recovered.”

He continues, “In the case of hard drives and solid state drives, formatting to securely delete data can lead to varying results as each operating system performs the action differently. To successfully delete data to a state where it cannot be recovered, one must completely overwrite the data using reputable deletion software.”

Additional findings from the study include:

• Basic file-deletion commands leave hard disk drive users with a false sense of security. On four of the drives containing residual data, or 11 percent, only a basic delete was performed, meaning that the user simply deleted the file or sent it to the recycle bin. This left 444,000 files exposed.
• ‘Quick format’ and reformatting are common but unreliable tactics to wipe personal information clean from old hard drives. The companies’ analysis showed that ‘quick format’ had been performed on 61 percent of the drives with data still present.
• Data are difficult to delete and can easily resurface after mobile devices are resold. Fifty-seven percent of the mobile devices with residual data found on them had a deletion attempt made on them, which left 179 texts, 252 instant messages, 75 large photos and two SMS messages exposed.
• Leftover emails, text messages and instant messages can cause personal, financial and reputational damage to users and to their employers. A total of 2,153 emails and 10,838 texts/SMS/instant messages were retrieved from the mobile devices analyzed.
  
  

Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions.

Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities, as well as consumers, manage, recover, search, analyze, produce and present data efficiently and cost effectively.