Fifteen out of 52 computer hard drives purchased by the National Association for Information Destruction (NAID) Australia were found to have highly sensitive personal data including bank account details, medical information and home addresses.
The hard drives were taken to a forensic investigator, Insight Intelligence, which was able to extract the information easily. The recovered data included the legal case records of a family dispute, email files from a medical facility and signed documents granting access to business and personal emails from a Justice of the Peace.
NAID CEO Bob Johnson said the results were “very disturbing” in light of the Privacy Act reforms, which come into law on 12 March 2014.
“When you consider that the Australian Bureau of Statistics [ABS] estimates from 2008 put the number of computers retired annually at 15.7 million, the likely amount of private data put at risk in this manner is staggering,” he said in a statement.
According to Johnson, cyber criminals can buy the hard drives online and use the information to obtain people’s identities or bank account funds.
He added that NAID has offered to provide the hard drives and report findings to the Office of the Australian Information Commissioner (OAIC) for the purposes of an inquiry.
According to Insight Intelligence's managing director, Mario Bekes, the removal of data from hard drives requires more than “just pressing the delete button”.
“Even if they try to do it properly, consumers and businesses take a big risk by attempting to erase hard drives themselves. It is not really a do-it-yourself project.”
He advised enterprises and consumers to “be careful” when selecting a computer recycling service and make sure the company has the technical expertise to remove all data from hard drives.
Follow Hamish Barwick on Twitter: @HamishBarwick