Forensics Firm Finds Private Data on Drives Sold on EBay
A New York computer forensics firm said that 40 of 100 hard disk drives it recently purchased in bulk orders on eBay contained personal information, including corporate financial data, DNS server information, and personal e-mail and photos.
Kessler International said it purchased and evaluated the 40GB to 300GB PC drives from U.S. and Canadian sellers over a six-month period that ended late last month.
"We were surprised with the percentage of disks that we found data on," said Kessler CEO Michael Kessler. "We expected most of the drives to be wiped -- to find one or two disks with data. But 40 drives out of 100 is a lot."
Kessler's engineers had to use special forensics software to retrieve data from some of the hard drives. In other cases, however, sensitive information had not been overwritten or erased by the sellers.
The researchers had expected to find personal information of individuals, "but we were surprised by all the corporate spreadsheets and business finance records we found," Kessler noted.
IDC analyst Charles Kolodgy suggested that users selling old PCs format their drives and use overwrite tools. Companies selling large disk drives on eBay should use industrial degaussers to erase all data, he added.
This version of the story originally appeared in Computerworld's print edition.