Security logs, medical records and missile data discovered in disused hard drives

Study involving university researchers in the UK, US and Australia, discovers an assortment of private data on ebay

A third, or 34 per cent, of disused hard drives still contain confidential data according to a new study, which found missile defence system data and media records on ebay purchases.

The study, sponsored by BT and Sims Lifecycle Services, researched by Wales’ University of Glamorgan, America’s Longwood University and Australia’s Edith Cowan University, also dug up secret data from the German Embassy in Paris and business dealings from a US bank.

Around 300 hard drives from he UK, America, Australia and other countries, bought through computer auctions and on eBay were studied.

“It is clear from the sensitive information revealed by this study that a wide range of organisations, businesses and individuals all over the world are fundamentally failing in their duty to properly manage sensitive data when their IT equipment passes outside of their control,” Sims Recycling Solutions Kumar Radhakrishnan said.

“It is vital to realise that residual data can still be accessed years after the equipment has been discarded and in the wrong hands could have not only financial consequences but potential implications for national security,” Radhakrishnan added.

The study’s most prominent discovery was that of a disk revealing details of test launch procedures for the Terminal High Altitude Area Defence (THAAD) ground to air missile system.

The disk also contained security policies, facility blueprints and employee social security numbers belonging to the system’s designer, aerospace manufacturer Lockheed Martin.

In Australia, a disk belonging to a nursing home was found, containing pictures of patients wounds.

A recent Verizon Business forensic data breach report found that data loss via portable hard drives accounted for one in 150, from a total of 285 million record breaches, and according to Mark Goudie, Verizon Business’ managing principal for investigative response in Asia Pacific, these numbers are insignificant.

“There is a lot of hype about the dangers of data leaks by portable media like USBs and laptops,” Goudie told CSO.

An investigation is currently underway at Lockheed Martin, and a spokesperson told Britain’s Telegraph that the company was not aware of any compromise of data related to the THAAD system.

"Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source."

Join the CSO newsletter!

Error: Please check your email address.

Tags defenceedith cowan universitystoragehard driveshard-disk drivesUSBdata breachlockheed martin

More about AADBT AustralasiaCowaneBayEdith Cowan UniversityEdith Cowan UniversityLockheed MartinVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kathryn Edwards

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place