Home Industry Market Data breach problem as recycled computers reveal all
Recycled computers - Wikimedia Recycled computers - Wikimedia

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Job Function:
Australian State:
Email marketing by Interspire
weebly statistics

Confidential personal and company information including medical records, legal matters, financials, the entire contents of an email inbox and personal mail from a Justice of the Peace are just some of the confidential data found on the hard drives of recycled computers.

The revelation that Australians at both a personal and organisational level are discarding their old computers without wiping all data from their hard drives comes from a two-month study commissioned by global, non-profit data protection agency, the National Association for Information Destruction (NAID).

“For the organisations recycling their drives, this is a data breach problem. For individuals, some of their most private information is at risk,” says NAID CEO Bob Johnson.

NAID randomly purchased 52 recycled computer hard drives from a range of publicly available sources, such as eBay and then asked forensic investigator, Insight Intelligence, to determine whether confidential information was on those drives.

Johnson says the study showed that of 15 of the 52 hard drives purchased, approximately 30% contained highly confidential personal information.

And, while seven of the 15 devices had been recycled by individuals, Johnson said eight had been recycled by organisations, including law firms operating in Victoria and Queensland, a government medical facility, and a community centre.

“All of these firms have a legal obligation to protect the public’s information,” Johnson says, pointing out that the results are “even more alarming given the new Privacy Act reforms that will be effective on 12 March, requiring organisations to up the ante with respect to managing and safeguarding people’s personal information.”

“The study is rather simple. The procedure used to find the information is intentionally very basic and did not require an unusually high degree of technical heroics. Had the data been properly erased, it could not have been found.”

According to NAID, Information on the hard drives included spreadsheets of clients’ and account holders’ personal information, including names, addresses, account numbers, confidential client correspondence, billing information, and personal medical information such as diagnoses, treatment, and prognoses.

“Where the computer hard drives had been previously owned by an individual they more often contained their most confidential personal details, including images of a highly personal nature and account information,” Johnson says.

“Specific examples included, one drive containing detailed legal case records of a difficult family dispute, another with an entire email box with numerous emails and attachments relating to the inner most workings of a medical facility as well as one with signed documents granting access to business and personal mail from a Justice of the Peace.”

“While it might be tempting to dismiss these results given the sample size,” said Johnson, “it is actually very disturbing. When you consider that the Australian Bureau of Statistics most recent estimates put the number of computers retired annually at over 15 million, the likely amount of private data put at risk in this manner is staggering.”

“People from anywhere in the world can buy these drives online, and you can be sure the ‘bad guys’ amongst them know how to use the information for evil. With the viral nature of social media, one can only imagine what could happen if someone decided to share any highly personal images and videos they have found on these drives.”

According to Insight Intelligence Managing Director, Mario Bekes, another “troubling finding,” was that often, where personal information was found, there were “telltale indications that someone had attempted to remove the information but failed to effectively do so.”

Bekes stresses that proper removal of data from computer hard drives “requires more than just pressing the delete button.”

“Even if they try to do it properly, private individuals and businesses take a big risk by attempting to erase hard drives themselves. It is not really a do-it-yourself project.”

Bekes also encourages consumers and businesses to be careful when selecting a recycling service.

“It’s a noble idea to recycle a computer, tablet or smartphone. But it’s important to know the recycling company has the proper technical expertise and takes data destruction seriously. Unfortunately, many recyclers treat data removal rather casually.”

Johnson says NAID is no stranger to similar investigations of recycled computers, pointing out that one year ago another study it commissioned found banks and doctors’ offices were frequently discarding confidential records into commercial rubbish bins. The organisation has also commissioned similar research in the United States, Canada, and Europe.  
“The effective disposal of confidential information is an issue that is easily overlooked,” Johnson said.

“We consider it a public service to remind policymakers and consumers of this ongoing vulnerability. Unfortunately, those who capitalise on easy access to this information are already aware of it.”

According to Johnson, NAID has offered to provide a detailed report of the results, as well as the hard drives themselves, to the Office of the Australian Information Commissioner (OAIC) to facilitate an official regulatory inquiry.

“Should the OAIC decline, the association will ensure the hard drives are securely destroyed to protect those put at risk,” Johnson concluded.


Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!



Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup


Peter Dinham


Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).