Buy One Device, Get Data Free: Private Information Remains on Donated Tech

Brooks Hoffman

A recent study published by security research firm Rapid7 found that almost all of the 85 devices it purchased from 31 different resale businesses still contained data – including credit card numbers, social security numbers, email addresses and other personally identifiable information.   The evaluated equipment included desktops, laptops, hard disk drives, cell phones, and removable media.  Despite concerns with data breaches, used media continue to enter the secondary market with the previous users’ information intact.

Some of the factors contributing to this ongoing problem include:  lack of security policies or enforcement of these policies, more diverse and complex data storage technologies, and, reliance on third parties that are more focused on reselling devices rather than securing the information on these devices.  This findings of the study underscore the importance of properly destroying all data on end-of-life IT assets.  Iron Mountain can help dispose of these assets in a secure and compliant manner.

Read more about this study here.



More in The Pulse of ITAD