When information technology experts first sought and introduced paperless solutions for storing data in the late 20th century, the world rejoiced. There was a reason to celebrate, and there still is today – there are so many benefits to storing data digitally. Companies or organisations can carry out transactions more efficiently. People can run personal errands like pay bills or register information with just a few mouse clicks or taps on a screen. Today, it seems as though there is nothing you can’t do online – from selling products to learning a new skill, everything is accessible on the internet.
However, for all its advantages, digital data storage also comes with one big disadvantage: running the risk of a data breach. And one of the ways that companies and individuals become vulnerable to the exploitation of data (credit card fraud, identity theft, to name a few examples of data-related crimes) is when they dispose of, sell, or give away their devices.
Everything from laptops and phones to hard disks and servers can be picked apart to retrieve their previous users’ sensitive data. If you plan on getting rid of these pieces of equipment, make sure they go through secure data erasure first.
What is secure data erasure? What happens when the data in your devices or equipment don’t get wiped? In this article, learn about secure data erasure and instances where companies or organisations suffered from data breach.
Also referred to as data wiping or data destruction, data erasure refers to the software-based process of overwriting data to completely destroy all data stored in hard drives, servers, and other digital media. The process renders the data undiscoverable or unrecoverable. The equipment maintains full functionality after the data wipe.
Examples of Data Exposure due to Improper Handling of IT Assets
University of Florida, USA
In 2008, an assistant professor of plastic surgery at the University of Florida College of Medicine-Jacksonville saved photos of his patients and files containing their personal information (names, dates of birth, social security numbers, Medicare numbers) on his computer.
Later on, the doctor gave this computer to a family he was friends with without submitting the computer for secure data erasure. Thankfully, the computer’s recipient did not exploit the data found on the computer. All of the doctor’s patients’ data was permanently erased after the friend had the computer’s operating system replaced.
Even though the data was not exploited, the doctor was found to violate university policy for storing the data on his computer instead of a secure university-issued server and for transferring the unit to another person.
Agbogbloshie is one of the world’s biggest digital dumping grounds. Electronic waste from countries like the US, the UK, and Germany pile up there.
As the saying goes, one man’s trash is another man’s treasure. Young schoolboys scour the area for scraps of metal they can use. They burn old foam on top of computers to melt away the plastic and expose pieces of copper and iron, which they sell.
Others, like members of organised crime rings, comb through hard drives to recover data that is still stored there. A group who investigated this activity took a few of these hard drives to Ghana’s Regent University where a computer scientist read what the drive contained. He was later able to retrieve sensitive information: personal information, credit card data, records of online transactions, and more. In a separate incident, data from the US government was also recovered there.
This investigation was performed in 2011. Today, Agbogbloshie still remains to be a major dumpsite for the West’s e-waste.
In 2018, a Vancouver-based computer retailing company called NCIX caught fire when their used servers and hard drives were advertised on Craigslist, exposing thousands of customer and employee data. The privacy breach appeared to have occurred after NCIX closed its stores and retired its old servers. After NCIX went bankrupt in December of the previous year, its inventory was auctioned off, but it clearly did not go through a data wipe.
The pieces of equipment — some 300 desktop computers, 18 DELL Powerage servers, and two backup Supermicro servers running StarWind iSCSI Software — were then advertised on Craigslist. The servers had a price tag of up to $1,500 CAD.
Customer credentials, invoices, photographs of customer’s IDs, addresses, email addresses, phone numbers, IP addresses, and more sensitive information were found on these pieces of data storage equipment. NCIX failed to wipe or encrypt the data they had. The fiasco resulted in a class action lawsuit against NCIX.
Don’t let this Happen to You
Regardless if you sell or dispose of your used equipment or devices, first make sure that all the data they contain are wiped. At Eco IT Solutions, we offer data protection services such as secure data erasure. We use the data erasure software Blancco to ensure your device is 100% data wiped. We can perform secure data destruction services from our facilities in NSW, VIC, QLD, or WA, or we can go to your office or data centre instead.
Enquire about our services today. Call us at 02 8055 3775 or email us at email@example.com. You may also message us via our website’s enquiry form.