Buying a second-hand hard drive might be a good way to save a few bucks. It might also be a good way to get hold of anything from medical records to information about U.S. missile defense systems. As the Telegraph reports, a study of 300 second-hand hard drives conducted by British Telecom together with Welsh, Australian, and American universities has yielded surprising results.
The drives all came from computer auctions, fairs, and eBay. The Telegraph says a whopping 34% of the devices contained "information of either personal data that could be identified to an individual or commercial data identifying a company or organisation."
Perhaps most surprising was the discovery of a disk bought on eBay that revealed details of test launch procedures for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system, used to shoot down Scud missiles in Iraq.
The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin - who designed and built the system.
Discoveries on other drives included "bank account details, medical records, confidential business plans, financial company data, personal id numbers, and job descriptions." British Telecom researcher Andy Jones, who spearheaded the study, points out that some organizations may be breaking the law by not erasing sensitive data before auctioning off old hard drives.
Despite the aforementioned discovery, though, Lockheed Martin told the Telegraph it's "not aware of any compromise of data related to the Terminal High Altitude Area Defence programme." The defense contractor also claims it can't comment further on the leaked data or its source without looking at the hard drive.