What do medical records, X-rays, a fashion company’s business plan, details of bank transactions in Venezuela and the blueprints to the THAAD ground-to-air missile system have in common? They were all found on second-hand hard disk drives bought on the internet auction site eBay.
Research by British Telecom (BT) in association with the University of Glamorgan, Wales found that of 300 second-hand hard drives bought through eBay, car boot sales and computer parts resellers, 345 still contained some form of confidential data.
The most surprising find came from a hard drive bought on eBay containing details of test launch routines for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system. Also on the disk was information belonging to the system’s manufacturer, Lockheed Martin, including blueprints of facilities and personal data on workers, including social security numbers.
On another disk, confidential medical information of patients at two NHS hospitals in Lanarkshire, Scotland was uncovered.
Also found amongst the 300 separate disks were business plans about a well known UK-based fashion company, including customer details and discount codes, corporate design plans from a major motor manufacturing company and bank account numbers for a major US bank.
This year’s revelations came in the fifth annual report produced by the University of Glamorgan, in which time the volume of drives containing sensitive data has fallen from a half to little over a third. Despite this, the actual volume of data potentially exposed has seen a notable increase, as has the potential sensitivity of that data.
Computer users planning on selling any unused computers, hard drives or any other forms of memory are advised to ensure that all data is removed and if possible, sell any old PCs without a hard drive.