Researchers dig up medical reports, porn from used Aussie hard drives on eBay

A study of second hand hard drives in Australia has found 28 percent of them contained private information, including medical records, client correspondence and porn.

A new study commissioned in Australia by the National Association for Information Destruction (NAID) highlights that completely sanitising old hard drives before putting them up for sale on eBay is something businesses and consumers struggle with.

NAID’s study was conducted in January by a forensic investigator at Australian investigations firm, Insight Intelligence, which looked at 52 randomly selected hard drives purchased from public markets like eBay for the study.

The investor found 15 hard drives contained private information on them, typically in the form of old Office documents and PDFs. Somewhat concerning, eight of the hard drives came from Australian businesses including firms operating in the medical and legal sectors.

One of the more serious finds was from a drive that appeared to have belonged to a NSW based medical facility. The report does not name the firm, but notes the serial numbers and whether there appeared to have been efforts to destroy data on the device.

The drive contained hundreds of Word, Excel, Power Point, Access Database, PDF and Email data files.

Files found included:

  • Lesson requirements documentation
  • Email data containing communication between staff/admin/NSW Health/Contractors etc
  • Documents related to the name of organisation supplied
  • Correspondence documentation between doctors and Medical Facility admin
  • Recruitment applications containing sensitive applicant data
  • Company tax invoices.

A probe into a hard drive that appeared to be formerly owned by a Queensland-based law firm found “conveyancing information for dozens of clients, including records from the national personal insolvency index of Australia which contains specific information about an individual’s solvency status as well as specific information that can be used to locate and identify an individual”.

The drive also contained property title search information and links to ownership details including which bank a loan was from.

A look at consumer hard drives found details that their owners would most likely not want others to view.

One hard drive that appeared to have been owned by a consumer in the Chadstone area of Queensland found pornographic material, evidence of pirate material downloads via a file sharif client called Morpheus and job application data.

Another hard drive whose previous owner — also a consumer from South Australia — had attempted to sanitise was found with a stash of personal photos and videos, bank statement, court case documents relating to a case against a family member, movies, TV shows, porn material, and school projects in Word and PowerPoint documents.

In both consumer devices, the latest content created was from 2013.

“While it might be tempting to dismiss these results given the sample size, it is actually very disturbing,” said NAID CEO Bob Johnson.

“When you consider that the Australian Bureau of Statistics most recent estimates put the number of computers retired annually at over 15 million, the likely amount of private data put at risk in this manner is staggering.

“People from anywhere in the world can buy these drives online, and you can be sure the ‘bad guys’ amongst them know how to use the information for evil. With the viral nature of social media, one can only imagine what could happen if someone decided to share any highly personal images and videos they have found on these drives.”

The report came as Office of the Australian Information Commissioner (OAIC) released the new Australian Privacy Principles (APP) guidelines, which are meant to inform businesses handling sensitive and private information of new requirements under changes to Australian privacy legislation due to come into effect from March 12.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ebayporn

More about Australian Bureau of StatisticsCSOeBayExcelInsightMorpheusNSW Health

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts