April 26, 2012, 3:34 PM —
A British study showing two thirds of used hard drives available on the open market contain enough personal data to allow the previous owner's identity to be stolen isn't just a warning to be careful about what hardware you throw away.
It's a warning to be careful what you leave behind on someone else's hard drives when you switch cloud providers or even move around virtual servers and storage within an existing cloud.
A study published this week recounts the findings of Britain's Information Commissioner's Office (ICO) which investigated the "dirty disk" problem by ordering 200 hard drives, 20 flash drives and 10 cell phones from a range of web sites.
Using ordinary file-access software, not specialized PC forensics, the ICO was able to recover 34,000 files with personal or business data. Only 38 percent of the flash and hard drives had been wiped effectively; 14 percent contained data but were unreadable. Thirty-seven percent held non-personal information and 11 percent held the mother lode for identity thieves – enough personal data to steal the identity of the unit's previous owners.
Four machines held extensive personnel and business data on clients and employees, including health records and financial data.
Another British study, conducted by the Cyber Security Research Institute and published in September, 2011, corroborates the findings of the ICO study, but on a much larger scale.