scanners store sensitive information

Recent studies have found that many secondhand drives and office equipment with drives in them still contain data from their previous owner when they’re sold or disposed.

After analyzing drives purchased on eBay and from office equipment bought randomly from a reseller, a large amount of sensitive data was found including information like passport copies, medical records, paystubs, and copied checks.

Learn more about what how you can protect the information stored on your office equipment by watching the video or reading the transcript below.

Video Transcription

Leaving Data Leftovers

According to a recent study by the data removal company Blannco, many secondhand storage drives sold on eBay today still contain data from the previous owner, including personally identifiable information (PII) and other sensitive materials.

After purchasing 159 HDD and SSD storage drives on eBay from the US, UK, Germany, and Finland that covered brands like Dell, Samsung, and Seagate, Blannco analyzed them to see if any data could be recovered.

What they found was stunning: 66 (42%) of drives still contained data, and 25 (16%) of the drives had PII including names, addresses, birth certificates, and passport copies, meaning that for every 20 drives at least 3 still had PII.

The CBS Investigation

When CBS conducted a similar investigation, they purchased 4 used copiers from a reseller in New Jersey.

It took only 30 minutes to remove the hard drive from each machine, and once again the results were startling:

  • On a machine from the Buffalo Police Narcotics Unit, a list of targets in a major drug raid was found
  • On a machine from a New York Construction Company, there were design plans for a building near Ground Zero, 90+ pages of pay stubs with names, addresses and social security numbers, and $40,000 in copied checks still left on the drive
  • On a machine from Affinity Health Plan, there were 300 pages of medical records found (a major HIPAA violation), including information ranging from patient medications and blood test results to disability diagnoses

Where They Went Wrong

There are two main ways hard drives end up being disposed with data still on them.

One is that users just don’t know that copies of their files are being saved on their device, while on the other hand there are some who know about the risk but don’t take the sufficient steps to address it.

How It Happens

To help provide users with more advanced tools, modern scanners and printers are built with an internal hard drive to store a copy of the file.

However, sometimes technology can be one step forward and two steps back.

In many cases it’s the result of owners not being aware of how much potentially sensitive information their device has on board.

During Blannco’s study however, every seller insisted the appropriate steps had been taken to clear the drive by formatting them before they were sold.

Unfortunately though, formatting is only able to clear the index of a device and doesn’t permanently erase the file, which was compounded by the fact that formatting has no way of confirming to the user that the data is gone—helping to fuel the fire behind this common myth.

How to Avoid Making the Same Mistake

Now turning to your own situation, the question is how to prevent the same thing happening to you?

If reformatting isn’t the safest option, then what is the safest way to clear the data from my drives? What if I have a managed print service and my partner handles disposal?

Certificate of Destruction for Ultimate Security

Using Managed Print Services: Ask for a Certificate of Destruction

While selling equipment and the hard drives they contain is most common, there are convenient managed print services (MPS) where a partner company takes away devices for disposal.

Despite that though, equipment often goes to an unsupervised electronics graveyard with the drives still in them or instead the drives are removed, wiped down, and resold as “gently used”.

This means you should always ask for a certificate of destruction for each hard drive your MPS partner takes away.

The formal certificate details where, when, and who witnessed the destruction and can be used to hold partners legally accountable for the safety of your data.

Hard Drive Destruction

One of the most secure options for ensuring data is protected is to remove and physically destroy the internal hard drive.

Compared to alternatives like degaussing, hard drive shredding services are the most cost efficient ($4–$12 per drive) and easiest way to prevent sensitive information being left on old office equipment.

Need to Dispose Old Hard Drives?

Shred Nations partners with a nationwide network of secure hard drive destruction services. No matter what your shredding needs are, we can help you find the right provider. To get started, fill out the form on the right, give us a call at (800) 747-3365, or contact us directly with our live chat for a free, no-obligation quote from providers near you.

hard drive case study