A recent study into used storage devices such as memory cards, USB sticks and Hard Drives has been conducted by The University of Hertfordshire’s Cyber Security Centre to see how often used storage devices is bought and sold containing personal data from the previous owner.
The study involved purchasing 100 used storage devices from online auctions such as eBay and high street resale stores, then plugging those devices into a PC to see if any sensitive data remained from the previous owner.
The results of the research were staggering, 35 of the storage devices still had files on them that could be viewed by simply plugging them in. 65 appeared to be empty at first but upon second glance, the University of Hertfordshire research team were able to recover data 40 of those used storage devices, including photos and videos and documents for both personal and business-related work. Only 25 of the 100 used storage devices purchased had been wiped correctly.
By not correctly deleting files when selling a storage device, you can set yourself up for a variety of attacks ranging from identity theft to giving away information on your property and geolocation data.
So, how can you prevent others from retrieving your personal data from your used storage devices?
Deleting files from a drive will not erase the file itself, it only removes the indexing for that file so that it cannot be viewed. However, this data is still present until it is overwritten with a new file.
To remove files, use a tool like File Shredder or Disk Wipe instead of the “Right Click, Delete” approach. These tools not only remove the indexing for files, they also write over the data on the drive, a practice sometimes referred to as ‘Zero Filling’ whereby all data is replaced with a zero.