Last month, researchers in Britain decided to find out if people left anything behind when they sold or donated their old computer. They bought 300 used machines in several countries and from a number of sources, including eBay.
What did they find? About one-third still contained personal data on the hard drives, data that was located with just a little digging. Among the items rooted out: the test-launch information for THAAD ground-to-air defense missiles; medical records from hospitals; Social Security numbers; and proprietary commercial documents, such as business plans.
The disturbing conclusion: Even large organizations, which have legal obligations to protect their data, are sometimes lax about removing them thoroughly from discarded computers.
What about average home users?
The biggest mistake they make, experts say, is to assume that files are gone from the hard drive once they’ve been placed in the trash bin and deleted. “The actual data remains intact on the hard drive. There are programs available designed to find this data and easily re-create the original information,” explains Michael Helander, a spokesman for Lavasoft, a Swedish software security firm, in an e-mail.
To really erase all personal data from a hard drive, users have two choices: The first involves software; the second, elbow grease.
A number of free programs will do a good job of thoroughly erasing a hard drive, says Ben Rothke, a senior security consultant in the professional services division of BT (British Telecom), and the author of “Computer Security: 20 Things Every Employee Should Know.”
Mr. Rothke likes the popular open-source program Darik’s Boot and Nuke (DBAN), found at www.dban
.org. Among the commercial data-erasing products is iolo technologies’ DriveScrubber (a one-year service plan is $20.97) which you can find here.
Those who want to remove data selectively – say, keep the operating system and a few programs – could use a product such as Lavasoft File Shredder (one-year license: $29.95). “This program lets the user shred all free disc space in one easy step,” Mr. Helander writes. The user can select what data he wants deleted. Afterward, “no personal information will remain on the hard drive and the user will be able to securely sell or give the computer away.”
Two things that don’t work, experts say: formatting or partitioning the hard drive. The data may get pushed around a bit, but it remains, even if Windows warns you that all data will be erased.
What’s the elbow-grease method? Open up the computer, take out the hard drive, and smash it several times vigorously with a hammer, Rothke says. (Goggles and gloves are a good idea.) Make sure you hear some satisfying crunching sounds from the interior.
Opening up a machine and removing the hard drive isn’t too difficult, Rothke says. Just keep in mind that CD-ROM drives can look like hard drives. “You have to make sure you’re destroying the right thing,” he says.