Secure Wipe of the Hard Drive: “Deleted” Data that is not completely Deleted
Written by Simon and Judy
A PC generally keeps most of the data stored on it whether it has or hasn’t been deleted, up to the moment of being disposed if no complete erasure is done. It is common for people to tend to think “erase” or “delete” in Windows means that the file is gone forever and unrecoverable. People with a bit more security awareness feel comfortable after they format all data of partition before disposing the PC. However, it is common sense that deleted and formatted data in Windows can be easily recovered by using simple recovery software that are easily accessible on the Internet.
In the United States and the U.K., they are famous for their stricter industry standard, government regulations, and laws in comparison with other countries. The following data leakage from used disk relating to government organizations reminds us the importance of completely wiping disk drives.
In 2009, the United States department of Veteran Affairs had one of their hard drives fail, which contained records of millions of U.S. veterans. Without destroying the data first, they sent the failing hard drive back to the vendor for repairs, risking potential data breach that could have affected 760,000 people. This accident is claimed to be the single largest release of personally identifiable information by the government in history.
In 2010, there was a sensitive case with NASA’s preparation for the end of the space shuttle program. Selling their surplus of supplies, old computers were on the list. However, fourteen computers from the Kennedy Space Center failed tests to determine whether they were properly sanitized of sensitive and confidential information. Ten of the computers had already been released to the public at that point, creating a serious data security issue and breaches to NASA’s IT security practices. Information on the computers could have helped hackers gain access to NASA’s internal computer network.
Also in 2010, an army officer, Captain Robert Sugden sold his broken laptop for “spare and repair” parts for around $32 USD. However, the laptop contained military secret files such as troop numbers, patrol details, ammunition stock lists and locations of police command posts, none of which required passwords. Such information could be fatal if put it was in the hands of terrorists. When the shocked buyer returned the laptop to the U.K.’s Ministry of Defense, it was also discovered that the laptop contained hundreds of photos and names, risking the lives of those that joined the Afghan National Police and Afghan National Army.
In the previous mentioned cases, it was fortunate that the government authorities went ahead with inspection and prevented the data from being leaked and misused by other parties. There are cases where those who were not wary of the dangers of data leakage from a used hard disk. The two U.S. cases mentioned above were only discovered because of an audit done by the government while in the case of the U.K., a buyer let the government know of the situation. It is reasonable to say that there are many potential cases out there that can lead to great risk just like the ones brought up in this entry.
In 2008, an illegal content distribution scandal took place in Hong Kong, China. Although this case does not involve the government, it does involve an individual’s privacy. Dubbed the “Edison Chen Photo Scandal,” a personal computer was sent in for repairs where hundreds of private photos were taken, copied, and distributed without consent, allegedly by the computer repair shop. The PC’s owner, Edison Chen stated that the photos that were distributed were deleted before being sent in for repairs, but with the advancement and accessibility of data recovery technology, about 1,300 of Chen’s sexual and celebrity photos were recovered, taken and copied, only to be distributed for the world to see. This case severely damaged his reputation and his career in China.
Over 250,000 used computers and over 100,000 used laptops are waiting to be sold on Ebay by the end of April 2013. Many people carefully erase the data by deleting files and reformatting the hard drive to feel more secure when selling the computers. This blog entry was created to raise data security awareness to prevent such data leakage incidents, which may creep up on us someday.