A Lesson We Can All Learn From

Ralph DeFrangesco

A friend of mine sent me a link to an interesting article over the weekend and insisted that I write a post on it. He said that it had the potential to affect a lot of people. I read the article and sure enough, I have to agree with him. Besides, who am I to turn down a steady reader of my work?


Kessler International, a company that specializes in computer forensics, published a study that showed that sensitive information, including personal and private data, was left on over 40 percent of the hard drives sold on eBay.


Kessler purchased hard drives randomly from eBay and found that they were able to retrieve data off of the drives. The types of data Kessler was able to recover included:


- Personal and confidential documents, including financial information (36%)

- E-mails (21%)

- Pictures (13%)

- Corporate documents (11%)

- Internet browsing histories (11%)

- DNS server information (4%)

- Miscellaneous data (4%)


In 2006, a 1 GB flash drive that contained military secrets was sold in a bazaar in Afghanistan for $40. The flash drive belonged to a member of the Army's 7th Special Forces Group (Airborne), based at Ft. Bragg, N.C. The drive contained military documents marked as secret. The files contained data on various subjects ranging from the location of a safe house, escape routes into Pakistan, and bounties paid for the arrest of Taliban and Al Qaeda fighters.


As recently as 2008, customer banking data was found on a hard drive that was sold on eBay. The drives contained information on several million banking customers and involved the Royal Bank of Scotland and its subsidiary, Natwest.


There is no shortage of stories. Back in December, I made a post that advised people to shred their disk when they reach end of life or when damaged. I have tried disk-wiping software with mixed results. Today, I still stand by my recommendation to shred disks before disposing of them. My other recommendation is that if you cannot afford to shred your disks, do not, under any circumstances, sell them or give them away. I think that we can all learn from the Kessler study.

Add Comment      Leave a comment on this blog post
Mar 10, 2009 11:26 AM Hank Hank  says:


Thank you so much for bringing this to the attention of the Information Technology world. I think it's very important for IT professionals to know that they could potentially be leaving data on devices that are sold on these sites.


Mar 14, 2009 10:36 AM Ralph DeFrangesco Ralph DeFrangesco  says: in response to Hank


Since I have made this post, I have had two people tell me that they have both found USB drives that contained personal information from previous owners. Sometimes you just have write about it to get people to tell you a story.



Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.