Computer's worth of data left on hard drives

University of Otago PhD graduand Dax Roberts warns against leaving sensitive information on hard...
University of Otago PhD graduand Dax Roberts warns against leaving sensitive information on hard drives when disposing of computers. Photo by Peter McIntosh.
When it comes to computer security, let the seller beware.

Dax Roberts has recently completed University of Otago PhD research which highlights the risks of private information falling into the wrong hands after computers are sold or thrown out.

His research was the first of its kind undertaken in New Zealand with second-hand hard drives.

And the study showed 24 hard drives, out of 100 bought by researchers from throughout the country, still contained ''concerning'' private information.

''Concerning'' information on 13 of the hard drives could be retrieved without any special efforts, simply by plugging the equipment in to the wall.

And sensitive information could be retrieved from 11 other hard drives by using specialised computer tools.

Mr Roberts this week urged greater awareness of the security risks and said hard drives should be fully ''wiped'' before being sold.

International research showed individuals and companies in other countries did not always remove data from computer data storage devices before disposing of them.

This still-accessible personal computer's worth of data provided ''a wealth of personal or corporate information that can be exploited to commit such crimes as identity theft, fraud, stalking and blackmail'', Mr Roberts said.

He was concerned that sensitive data had been found on hard drives from four high schools, all outside the Otago region, by using specialised tools in three cases.

Data included ''absence notes'', other private information about minors, and school budgets.

Some hard drives disposed of by companies contained data about sales, high-achieving staff, future promotions, and even number combinations for opening locks.

No hard drives from government agencies had been found, and he noted that the New Zealand Information Security Manual outlined the appropriate way for such agencies to dispose of storage devices.

All private data found in the study had since been wiped, he said.

Mr Roberts, an Otago graduate who grew up in Dunedin, will graduate from Otago University again, with a PhD in information science, at a ceremony in Dunedin today.


Add a Comment