Thursday, 20 February 2014 15:49

Data breach problem as recycled computers reveal all

Recycled computers - Wikimedia Recycled computers - Wikimedia

Confidential personal and company information including medical records, legal matters, financials, the entire contents of an email inbox and personal mail from a Justice of the Peace are just some of the confidential data found on the hard drives of recycled computers.

The revelation that Australians at both a personal and organisational level are discarding their old computers without wiping all data from their hard drives comes from a two-month study commissioned by global, non-profit data protection agency, the National Association for Information Destruction (NAID).

“For the organisations recycling their drives, this is a data breach problem. For individuals, some of their most private information is at risk,” says NAID CEO Bob Johnson.

NAID randomly purchased 52 recycled computer hard drives from a range of publicly available sources, such as eBay and then asked forensic investigator, Insight Intelligence, to determine whether confidential information was on those drives.

Johnson says the study showed that of 15 of the 52 hard drives purchased, approximately 30% contained highly confidential personal information.

And, while seven of the 15 devices had been recycled by individuals, Johnson said eight had been recycled by organisations, including law firms operating in Victoria and Queensland, a government medical facility, and a community centre.

“All of these firms have a legal obligation to protect the public’s information,” Johnson says, pointing out that the results are “even more alarming given the new Privacy Act reforms that will be effective on 12 March, requiring organisations to up the ante with respect to managing and safeguarding people’s personal information.”

“The study is rather simple. The procedure used to find the information is intentionally very basic and did not require an unusually high degree of technical heroics. Had the data been properly erased, it could not have been found.”

According to NAID, Information on the hard drives included spreadsheets of clients’ and account holders’ personal information, including names, addresses, account numbers, confidential client correspondence, billing information, and personal medical information such as diagnoses, treatment, and prognoses.

“Where the computer hard drives had been previously owned by an individual they more often contained their most confidential personal details, including images of a highly personal nature and account information,” Johnson says.

“Specific examples included, one drive containing detailed legal case records of a difficult family dispute, another with an entire email box with numerous emails and attachments relating to the inner most workings of a medical facility as well as one with signed documents granting access to business and personal mail from a Justice of the Peace.”

“While it might be tempting to dismiss these results given the sample size,” said Johnson, “it is actually very disturbing. When you consider that the Australian Bureau of Statistics most recent estimates put the number of computers retired annually at over 15 million, the likely amount of private data put at risk in this manner is staggering.”

“People from anywhere in the world can buy these drives online, and you can be sure the ‘bad guys’ amongst them know how to use the information for evil. With the viral nature of social media, one can only imagine what could happen if someone decided to share any highly personal images and videos they have found on these drives.”

According to Insight Intelligence Managing Director, Mario Bekes, another “troubling finding,” was that often, where personal information was found, there were “telltale indications that someone had attempted to remove the information but failed to effectively do so.”

Bekes stresses that proper removal of data from computer hard drives “requires more than just pressing the delete button.”

“Even if they try to do it properly, private individuals and businesses take a big risk by attempting to erase hard drives themselves. It is not really a do-it-yourself project.”

Bekes also encourages consumers and businesses to be careful when selecting a recycling service.

“It’s a noble idea to recycle a computer, tablet or smartphone. But it’s important to know the recycling company has the proper technical expertise and takes data destruction seriously. Unfortunately, many recyclers treat data removal rather casually.”

Johnson says NAID is no stranger to similar investigations of recycled computers, pointing out that one year ago another study it commissioned found banks and doctors’ offices were frequently discarding confidential records into commercial rubbish bins. The organisation has also commissioned similar research in the United States, Canada, and Europe.  
“The effective disposal of confidential information is an issue that is easily overlooked,” Johnson said.

“We consider it a public service to remind policymakers and consumers of this ongoing vulnerability. Unfortunately, those who capitalise on easy access to this information are already aware of it.”

According to Johnson, NAID has offered to provide a detailed report of the results, as well as the hard drives themselves, to the Office of the Australian Information Commissioner (OAIC) to facilitate an official regulatory inquiry.

“Should the OAIC decline, the association will ensure the hard drives are securely destroyed to protect those put at risk,” Johnson concluded.


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments