Researchers have recovered confidential information belonging to some of Europe's leading companies from hard disc drives on sale on eBay and other internet auction sites for as little as £5.
Customer lists, payroll files, personnel records and details of staff pension plans were easily accessible on hard disc drives which should have been wiped before they were thrown away.
The researchers claim they were able to read data from 70 out of 100 hard discs bought on the internet, even though the discs had been advertised as being "wiped clean" or reformatted.
One disc drive, which originated in one of Europe's largest financial services groups, contained access codes and administrators' passwords for the company's internal networks.
The codes could have been used by hackers or criminals to damage systems or blackmail the company, said Peter Larsson, chief executive of security firm Pointsec Mobile Solutions, which commissioned the research.
There is evidence that criminals are buying hard discs in order to blackmail companies, he said.
The researchers bought a lap-top through an internet auction which contained four Microsoft Access databases containing customer details of a large food manufacturer and 15 Powerpoint presentations containing sensitive financial information.
Their findings suggest that companies are failing to take adequate steps to delete data on their computer equipment before disposing of it.
Neil Barrett, security consultant with IMRG, said companies should ensure they have a policy in place for disposing of used equipment.
"Companies must have as part of their IT security policy an end-of-life procedure for equipment. The discs need to have a low-level reformat, which will erase the whole disc," he said.
This was first published in June 2004