11% of second hand hard drives contain personal information, study reveals

Old hard drivesBritain’s Information Commissioner’s Office (ICO) has discovered that more than one in every ten second hand hard drives contains recoverable personal information of the original owner.

The ICO commissioned the NCC Group to conduct the investigation, who acquired 200 hard drives, 20 USB sticks and 10 cellphones from internet auction sites and at trade fairs.

The devices were then scoured for personal data with alarming results.

In the case of the hard disks, 11 percent contained personal information. According to the ICO report, 37 percent contained non-personal information, and only 38 percent of devices had been wiped. A further 14 percent of the drives were too damaged to be readable.

Sign up to our free newsletter.
Security news, advice, and tips.

34,000 of the files examined contained personal or corporate information – including scanned bank statements, passports, birth certificates, employee information, full bank details, family photos, and tax and medical information.

Naked Security has talked before about the danger of sensitive information falling into the wrong hands because of unsafe disposal of hard drives.

We have even seen the details of a million bank customers sold on eBay on a hard drive costing £35.

Such incidents aren’t always the fault of the company who owned the hard drives, it can be that they’ve trusted a third party organisation to handle the secure disposal of assets. But it’s always us, the unfortunate member of the public, who is most exposed by the sloppy practice.

Although more and more companies do take a higher level of care when getting rid of old computer equipment, there’s clearly still more work to be done.

And don’t forget, on a personal level, when throwing out your creaky old Windows computer or Mac laptop to ensure that you have securely wiped it first to prevent your personal data falling into the wrong hands.

(Although there have been concerns raised recently that secure wiping may be less than effective when dealing with some modern SSD solid state disk drives).

Maybe, once again, it’s time for users and companies to consider the benefits of fully encrypting their hard drives as well as getting in the habit of securely wiping drives as they are junked?

Pile of hard drives image, from ShutterStock


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.