Wave Systems Corp. (fka WAVXQ)

[Genz2]

Buying a second-hand hard drive on eBay? You've got a 'one in two' chance of finding personal info still on it

https://www.theregister.co.uk/2019/04/25/ebay_data_drives/

Troves of deleted data lingers on disks... according to this 'ere study, anyway

You would think that, with computers dominating every aspect of our lives, people would be aware that storage devices can retain information even after clicking "Empty Recycle Bin".

Not so, according to research by Finnish data removal specialist Blancco. The company purchased 159 random used drives on eBay in the US and Europe, and found that 42 per cent (or 67 devices) enabled anyone with basic IT literacy to access the data stored by their previous owners. A whopping 15 per cent contained personally identifiable information that could be used by cyber criminals.

Even more shocking are the contents of some of the drives. One, evidently belonging to a software developer with a high level of government security clearance (who really should have known better), contained scanned images of family passports and birth certificates, CVs and financial records. Another had 5GB of archived internal office email from a major travel company.

There was a drive that stored 3GB of records from a freight company, along with documents detailing schedules and truck registrations, and a drive from a school, filled with photos and documents mentioning pupils' names and grades.

Here's the interesting bit: Blancco claims that each seller it interacted with as part of the process stated that the proper data sanitization methods had been performed. Reminder: Blancco flogs data-removal tech so please grab the necessary handfuls of salt required with these findings.

"Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data," said Fredrik Forslund, cloud and data erasure veep at Blancco.

"By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members. It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed."

Awareness of data wiping techniques is growing, but slowly. Blancco conducted a similar experiment in 2016, when it purchased 200 used drives and was able to extract data from 67 per cent.

Deleting a file typically only removes references to the object from the filing system, so that the file or directory appears to disappear from view, but the actual information still remains on the disk to be overwritten later. Your mileage may vary, depending on your operating system and filing system.

The only reliable method of exorcising ghosts of information on a working drive is to overwrite it with new data, or a random mix of ones and zeroes. Or use an encrypted file system or drive and then throwaway or randomize the key.

If that sounds too complicated, nothing makes sure data is truly gone like taking a good old-fashioned angle grinder or industrial shredder to your storage device. Oh, there's also degaussing for hard drives and tape, if you own a device that can generate a strong magnetic field. Or melting it down.

If you're looking for an exotic solution for your supervillain lair, Chinese storage company MemxPro will sell you SSDs with a physical self-destruct button. ®
=================================================================
This article shows the enormous value of the crypto-erase feature in Wave SED management when selling an old SED hard drive or retiring it altogether. Its a great reason for organizations to use SEDs over regular hard drives!!
=================================================================

https://www.wavesys.com/products/wave-self-encrypting-drive-management

Excerpts:

Enterprises choose Wave to manage SEDs

Why? From our single console, you can manage all your organization’s self-encrypting drives (SEDs) easily and remotely, whether they number in the hundreds, or hundreds of thousands.

SEDs are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to encrypt. They also perform this encryption in the hardware of the drive, so you don’t end up with the performance issues software full-disk encryption is infamous for. SEDs are available as HDD or SSD, and are sold by most major drive manufacturers.

Wave’s management solution delivers remote drive initialization, user management, drive locking, user recovery and crypto-erase for all Opal-based, proprietary and solid-state SEDs.