A third, or 34 per cent, of disused hard drives still contain confidential data according to a new study, which found missile defence system data and media records on ebay purchases.
The study, sponsored by BT and Sims Lifecycle Services, researched by Wales’ University of Glamorgan, America’s Longwood University and Australia’s Edith Cowan University, also dug up secret data from the German Embassy in Paris and business dealings from a US bank.
Around 300 hard drives from he UK, America, Australia and other countries, bought through computer auctions and on eBay were studied.
“It is clear from the sensitive information revealed by this study that a wide range of organisations, businesses and individuals all over the world are fundamentally failing in their duty to properly manage sensitive data when their IT equipment passes outside of their control,” Sims Recycling Solutions Kumar Radhakrishnan said.
“It is vital to realise that residual data can still be accessed years after the equipment has been discarded and in the wrong hands could have not only financial consequences but potential implications for national security,” Radhakrishnan added.
The study’s most prominent discovery was that of a disk revealing details of test launch procedures for the Terminal High Altitude Area Defence (THAAD) ground to air missile system.
The disk also contained security policies, facility blueprints and employee social security numbers belonging to the system’s designer, aerospace manufacturer Lockheed Martin.
In Australia, a disk belonging to a nursing home was found, containing pictures of patients wounds.
A recent Verizon Business forensic data breach report found that data loss via portable hard drives accounted for one in 150, from a total of 285 million record breaches, and according to Mark Goudie, Verizon Business’ managing principal for investigative response in Asia Pacific, these numbers are insignificant.
“There is a lot of hype about the dangers of data leaks by portable media like USBs and laptops,” Goudie told CSO.
An investigation is currently underway at Lockheed Martin, and a spokesperson told Britain’s Telegraph that the company was not aware of any compromise of data related to the THAAD system.
"Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.