When you are done with your computer, what happens to your hard drive? When you properly recycle a computer, no one in the recycling crew is going to wipe that hard drive for you, unless you have made specific arrangements for that to happen. For example, my friends at Renovo Data Services in Eden Prairie MN will destroy your hard drive if you ask them to do it, for a fee. But this is a procedure that at the very least should start with you or your computer support person.
If your data is not erased when a disk is retired or lost, you or your company faces a possibility that the data will be stolen and compromised, leading to identity theft, loss of intellectual property, damage to your company’s reputation, fines resulting from failures in regulatory compliance and financial impacts. High profile instances of data theft from lost or mishandled drives include:
- CardSystems Solutions (2005-06-19): A retired hard drive exposes 40 million credit card accounts.
- Lifeblood (2008-02-13): Several stolen laptops expose personal information including dates of birth and some Social Security numbers of 321,000 patients.
- Hannaford (2008-03-17): Lost hard drive exposes 4.2 million credit, debit cards.
- Compass Bank (2008-03-21): A stolen hard drive exposes 1,000,000 customer records.
- University of Florida College of Medicine, Jacksonville (2008-05-20): Photographs and personally identifying information of 1,900 people on improperly disposed computer.
- Oklahoma Corporation Commission (2008-05-21): A server sold at auction contain hard drives that compromise more than 5,000 Social Security numbers.
The goal is to make the data on your old drive useless or unrecoverable by anyone who might get ahold of your computer after your are done with it. In our next post we will take a look at several methods of data destruction from easy and weak to irretrievably strong and secure.
ShareJAN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com