Wednesday, March 24, 2004

Do you know where your bank's old hard disks are?

You don't have to be a geek to realize the implications of this little problem: A lot of people, including financial institutions, are putting used hard drives on the market without really erasing the data.
Much of the data we found was truly shocking. One of the drives once lived in an ATM. It contained a year's worth of financial transactions--including account numbers and withdrawal amounts--from an organization that had a legal requirement to not divulge such information. Two other drives contained more than 5,000 credit card numbers--it looked as if one had been inside a cash register. Another had e-mail and personal financial records of a 45-year-old fellow in Georgia. The man is divorced, paying child support and dating a woman he met in Savannah. And, oh yeah, he's really into pornography.

These people are lucky that their disks were picked up by Simson Garfinkel, writing for CSO magazine. He's been buying up hard disks off the dusty shelves of computer shops for $5 apiece and in bulk from eBay. He says that only about 10 percent of the drives he bought had been properly sanitized.

Just erasing a disk doesn't do it, at least not for true techies, of whom there must be at least a few nefarious types. Wiping the data means overwriting it with random information--programs are available at prices from free to $1,000--or running it through a metal shredder.
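
An added example (not from the original post or the CSO article): a Python sketch that contrasts a quick erase with a full random overwrite on a constructed 1 MiB image file, then checks whether a sample record is still readable. The image layout, function names and sample record are assumptions made for illustration; on real media the overwrite has to cover the whole device, not a file stored on it.

```python
import os
import tempfile

CHUNK = 64 * 1024  # overwrite and scan in 64 KiB chunks
# Constructed sample record, standing in for leftover data on a used drive.
MARKER = b"ACCT=0000-CONSTRUCTED-SAMPLE;WITHDRAWAL=100.00"

def make_image(path, size=1024 * 1024):
    """Build a stand-in for a raw disk image that holds one record."""
    with open(path, "wb") as f:
        f.write(b"\x00" * size)
        f.seek(300_000)
        f.write(MARKER)

def quick_erase(path):
    """Mimic delete or quick format: clear only the first 'metadata' sector."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * 512)

def wipe(path):
    """Overwrite every byte of the image with random data and flush it out."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, CHUNK):
            f.write(os.urandom(min(CHUNK, size - off)))
        f.flush()
        os.fsync(f.fileno())

def residual(path, needle=MARKER):
    """Return True if the needle is still readable anywhere in the image."""
    tail = b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if needle in tail + chunk:  # tail catches matches across chunks
                return True
            tail = chunk[-(len(needle) - 1):]
    return False

def demo():
    """Return (record found after quick erase, found after full overwrite)."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        make_image(img)
        quick_erase(img)
        after_erase = residual(img)
        wipe(img)
        return after_erase, residual(img)
```

Calling `demo()` shows the record surviving the quick erase and gone after the overwrite, which is the check worth running on a drive before it leaves the building.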

I hope my bank is listening.

I picked this up from BoingBoing.
