Feeds

Binned PCs were stuffed with MoD and Sun staffers' privates

Resold without wiping Rebekah Wade's naughty bits

Top 5 reasons to deploy VMware with Tegile

Updated Security researchers have found personal records of Sun newspaper and MoD staff on the hard drives of discarded or resold computers.

The studyThe ghosts from the machines: A history of 10 years of carelessly discarded data, found that both businesses and consumers are getting rid of old PCs without wiping them clean.

Carelessly discarded data on such machines might be used for ID theft. It may also lead to the release of potentially sensitive customer data.

The study was carried out by the Cyber Security Research Institute (CSRI) on behalf of the Asset Disposal and Information Security Association.

In a revelation likely to bring fresh embarrassment to News International, which was embroiled in the phone hacking scandal this year, researchers found that an unwiped hard drive belonging to the media giant was later sold on to a third party. "The hard drive names contained the home addresses and mobile phone numbers of the entire staff of The Sun, plus other high-profile individuals," according to CSRI.

The details included those of then Sun editor Rebekah Wade, later chief executive of News International, Andy Coulson, who worked as David Cameron’s communications supremo before resigning over the hacking affair, and Top Gear presenter and News International columnist Jeremy Clarkson. Disappointingly the researchers did not find the phone numbers for private eyes in the Sun machine.

The Sun's PC came into the hands of CSRI via a third-party disposal firm that had failed to wipe the data.

"Fortunately for News International – and by sheer chance – the data from the hard drive came to the Cyber Security Research Institute," says CSRI chairman and report author Peter Warren. "But it highlights once again the huge volume and value of data that is literally being thrown away by UK businesses and individuals each year.

"In the case of News International, this information on staff could have been used by competitors or criminals to glean vital and commercially confidential information. It could even have been used to hack their staff members’ phones," he added.

The research found 30 per cent of drives making their way onto the second-hand market came with data from previous owners. Over a 10-year period the figure is 40 per cent.

Unwiped data on discarded mobile storage devices and, increasingly, mobile phones poses much the same problem as carelessly discarded data on PCs.

"Whilst the problem has shown some signs of improvement over the last few years we are entering a new technology phase with solid state media being particularly difficult to handle," said Steve Mellings, director of trade group Adisa (the Asset Disposal and Information Security Alliance).

"With mobile phones, USB sticks, tablets and many new laptops utilising SSD, it is critical that people address this issue by implementing effective asset disposal policies."

The report authors estimate around 90 million gigabytes of unprotected data is annually discarded from mobile phones. Though the bulk of this will be music and pictures, around 4.5 million gigabytes will be personal data such as emails and contact details. The report authors reckon 15.1 million gigabytes of data a year is left on discarded old computers.

Carelessness in disposal of data exposes firms to fines by the Information Commissioner as well as reputation-damaging publicity if lax discarded kit disposal policies are exposed.

Apart from more and better education of the public and businesses about securing their data, the report suggests the long-standing problem of carelessly discarded data might be addressed by creating a rigorous set of standards for data destruction and audits of data destruction firms.

"One of the more worrying trends to emerge from our surveys over the last decade concerns the fact that, in a number of cases, the drives we have examined had been given to a third party for disposal but instead of destroying the data those third parties had simply sold on the drives," Warren said.

The CSRI worked with academic partner organisations including the University of Glamorgan, Australia’s Edith Cowan University and Longwood University in the US on the study. ®

Updated to Add

A News International spokesperson said:

“All our drives are encrypted and we have a policy to only dispose of end-of-life hardware in a secure way through a 3rd party supplier. We are contacting the CSRI to find out more about the drive that has been passed to them.”

Choosing a cloud hosting partner with confidence

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
All aboard the Poo Bus! Ding ding, route Number Two departing
Only another three days of pooing and I can have a ride!
Heyyy! NICE e-bracelet you've got there ... SHAME if someone were to SUBPOENA it
Court pops open cans of worms and whup-ass in Fitbit case
Official: European members prefer to fondle Apple iPads
Only 7 of 50 parliamentarians plump for Samsung Galaxy S
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Space Commanders rebel as Elite:Dangerous kills offline mode
Frontier cops an epic kicking in its own forums ahead of December revival
The IT Crowd's internet in a box gets $240k of crowdcash for a cause
'Outernet' project proposes satellite-fuelled 'Lantern' WiFi library for remote areas
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.