Data erasure specialists Blancco Technology Group and data forensics firm Kroll Ontrack looked at 122 different second hand mobile handsets, hard disk drives and solid state drives purchased at random from Amazon, eBay and Gazelle.com.
Far from being wiped clean, nearly half of the SSDs and hard disks contained residual data, while thousands of leftover emails, call logs, texts, instant messages, photos and videos were retrived from 35% of the mobile devices.
But what’s worse is that on 57% of mobile devices and 75% of the hard disks examined and found to still contain data, someone had ‘deleted’ it.
In many cases, a basic delete isn’t enough to actually clean hard disks. And reformatting is not a reliable method either – the test showed that the ‘quick format’ method had been performed on 61% of the drives that still held data.
On a mobile phone, data is even more difficult to delete – a total of 2,153 emails, and over 10,383 texts and instant messages were retrieved from the mobile devices analysed.
As Paul Henry, IT security consultant for Blancco Technology Group, explains, leftover emails, text messages and instant messages can cause personal, financial and reputation damage to users and their employers.
‘Whether you’re an individual, a business or a government/state agency, failing to wipe information properly can have serious consequences,’ said Henry. ‘One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren’t always effective at removing data permanently and they don’t comply with regulatory standards.’
There’s no better example of this danger than the findings of a recent state audit, which found that 12 US state agencies responsible for handling taxes, programs for people with mental illness and driver’s licenses used inadequate methods to attempt to wipe information.
‘The big lesson for both businesses and consumers is to understand which deletion methods are effective and comply with regulatory standards and, most importantly, to be cautious of blindly trusting that simply ‘deleting’ data will truly get rid of it for good.’
Another startling finding was that the residual data left on two of the second-hand mobile devices were significant enough to discern the original users’ identities.
Together, all of the study’s findings serve as a powerful warning about the importance of using effective data erasure methods and the need to mitigate security risks that may occur when done improperly or incompletely.
‘Manually deleting data or simply logging out of a mobile device app does not erase data from the device,’ warnsTodd Johnson, vice president of Data Recovery Operations, Kroll Ontrack.
‘Deleting data simply hinders the ability for the mobile device to locate the data – the actual data still remains and can be recovered. In the case of hard drives and solid state drives, formatting to securely delete data can lead to varying results as each operating system performs the action differently. To successfully delete data to a state where it cannot be recovered, one must completely overwrite the data using reputable deletion software.’