Dangers of Reselling Devices
A new study revealed dangers associated with reselling devices. The study found that seven out of ten devices are vulnerable to data breach and privacy risk when resold for second hand use. The researchers tested a total of 311 devices. These included 151 hard drives, 150 memory cards (such as SD cards), and 10 smartphones. The devices were purchased from resellers and analyzed to see if they still contained any personal information from their previous owners.
Data on 140 of the devices was accessible by simply connecting the device to a computer and browsing the files. This means 45% of the devices were resold with no precautions by the seller to protect and erase information. Data on another 82 devices showed up after using readily- available, DIY data recover software. Data on these devices had been deleted or reformatted. However these methods simply make room for new information or prepare a device for fresh use. They do NOT erase data and do not constitute data sanitization.
Out of the 311 devices, 196 still contained photos and videos. 50 held personal documents such as passports, visas, and other ID documents. 25 had business information including partner agreements, sales deeds, invoices and bills. And 9 devices still contained banking information such as checks, bank details, account statements, and credit card information. The implication is that individuals and businesses are at risk for a data breach if devices are not properly destroyed or sanitized when disposed of.
Risks To Individuals
- Identity Theft: In the wrong hands biometric data, medical information, identity documents, bank information, etc. can be used for various criminal activities.
- Privacy Violations: When photos, videos, contacts and messages fall into someone else’s hands.
- Security Threats: When information can be used to harass, stalk, extort, or cause other physical or emotional harm.
- Mistaken Attribution: Occurs when the buyer of a resold device unknowingly possesses illegal information that could be mistakenly linked to them instead of the previous device owner.
Risks To Businesses
- Breaches Of Business Critical Information: This would include intellectual property, finance reports, trade secrets, and so on.
- Breaches Of Employee Or Customer Information: This could result in penalties, lawsuits, brand damage and embarrassment.
How To Protect Yourself
- Be aware of the risks associated with reselling devices and understand that deleting and reformatting do not constitute sanitization, meaning the device has not been completely wiped of all data.
- Only donate, sell or recycle devices with trusted organizations. Ask questions about how the device will be reused and how any residual data will be erased.
- Businesses should have clear policies and procedures for sanitizing or destroying old IT assets.
- Businesses should also conduct regular security and privacy audits to make sure they are meeting the latest regulatory standards.
The life cycle for personal devices and IT assets is shortening while privacy legislation continues to expand. It is crucial that we are stay ahead of the curve and make wise decisions about media disposal. If you need help with secure media and hard drive destruction or e-waste and electronics recycling, contact DSS today.