Private Information Remains on Resold and Donated Technology

A researcher from cybersecurity company Rapid7 has published the results of six months of research into whether businesses that sell refurbished computers or accept donated items follow through on their promises to wipe them of data. With a total of $600, he bought 41 computers, 27 removable media devices (e.g., flash drives and memory cards), 11 hard disks, and 6 cell phones. While he could not get any extract any data from the cell phones (due mostly to their age), only two out of the 85 other devices had been erased properly. Once into the devices, he was able to extract a trove of data, including personally identifiable information (PII) like dates of birth, social security numbers, passport numbers. These findings demonstrate the importance of wiping devices of data yourself rather than relying on a company they’re being sold or donated to for this. The article refers to several guides for how to do this as well as ways to permanently destroy devices. Read the article at Rapid7.