Firms put vital data at risk by lax disc disposal

Businesses are being urged to review their policies for disposing of old computer equipment after hard disc drives containing sensitive business information were found for sale on the internet.

Researchers have recovered confidential information belonging to some of Europe's leading companies from hard disc drives on sale on eBay and other internet auction sites for as little as £5.

Customer lists, payroll files, personnel records and details of staff pension plans were easily accessible on hard disc drives which should have been wiped before they were thrown away.

The researchers claim they were able to read data from 70 out of 100 hard discs bought on the internet, even though the discs had been advertised as being "wiped clean" or reformatted.

One disc drive, which originated in one of Europe's largest financial services groups, contained access codes and administrators' passwords for the company's internal networks.

The codes could have been used by hackers or criminals to damage systems or blackmail the company, said Peter Larsson, chief executive of security firm Pointsec Mobile Solutions, which commissioned the research.

There is evidence that criminals are buying hard discs in order to blackmail companies, he said.

A laptop the researchers bought through an internet auction contained four Microsoft Access databases with customer details of a large food manufacturer and 15 PowerPoint presentations containing sensitive financial information.

Their findings suggest that companies are failing to take adequate steps to delete data on their computer equipment before disposing of it.

Neil Barrett, security consultant with IMRG, said companies should ensure they have a policy in place for disposing of used equipment.

"Companies must have as part of their IT security policy an end-of-life procedure for equipment. The discs need to have a low-level reformat, which will erase the whole disc," he said.
This was last published in June 2004
