17 Feb 2005
Highly-sensitive information such as passwords and user names of company executives has been found on used computer disk drives bought on eBay.
Researchers at the University of Glamorgan analysed some 100 randomly-sourced PC hard disks, and discovered that more than half contained data from organisations such as multinational companies, universities and a primary school.
Data on the disks included:
* staff records, passwords, internal emails and financial details
* school reports, a list of pupils, and letters to parents
* a document template for university degree certificates.
Attempts had been made to destroy data on nearly half the disks in the study, but significant material remained intact.
'On at least seven of the disks that I have seen there was enough information to allow a hacker to get into an organisation,' said Dr Andy Jones, security research group leader for BT Exact, who examined the disks.
The government issues guidelines to businesses and public bodies on the proper disposal of computer equipment, much of it freely available online.
But the University of Glamorgan research, seen exclusively by Computing, suggests that even the most diligent organisations can still be affected.
Information from Swedish insurance company Skandia was uncovered, even though the firm invests in data destruction. 'This is not embarrassing for us, it's absolutely horrifying,' said a Skandia spokeswoman.
'We pay to have our data wiped thoroughly, so we are going to have to investigate to discover how it happened and make sure it does not happen in the future.'
Southampton University says it has launched an investigation, after passwords and staff emails were discovered by the research. The university uses a specialist company to wipe disks before disposal of equipment.
'We need to find out what happened and ensure it doesn't happen again,' said a spokeswoman.
Agrochemicals company Monsanto says it will investigate how details of crop research from its Cambridge offices was found.
'We assume this is an isolated incident which has arisen during the restructuring of our Cambridge offices, when a number of IT items were disposed of at the end of their working lives,' said a spokesman. 'It seems a serious lapse in our procedures for the disposal of surplus IT kit has occurred.'
Computing has requested that all disks and data recovered by the University of Glamorgan research are returned to their original owners or destroyed.
Have your say on this article
Newsletters
Latest stories from Hacking
Latest videos
You may also like
Hacking jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
