Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

Sensitive corporate data just $10 on eBay


Laptops and hard disks containing sensitive corporate data are readily available at auction sites. Researchers paid $10 for a hard disk from eBay which came with access codes to the secure intranet of one of Europe's largest financial services groups.

It was the first of 100 disks and laptops purchased as spare and used parts from internet auction sites as part of a study into the accessibility of information from lost laptops and hard disks.

In the study by security specialists Pointsec Mobile Technologies, seven out of ten of the disks, all of which were supposedly "wiped-clean" or "re-formatted," contained readable information.

The disk containing sensitive information belonging to one of Europe's largest financial services groups (which has not been named) included pension plans, customer databases, financial information, payroll records, personnel details, login codes and admin passwords for the company's secure intranet.

There were 77 Microsoft Excel documents containing customers' e-mail addresses, dates of birth, their home addresses, telephone numbers and other highly confidential information. If exposed publicly, Pointsec reckons it could cause irrevocable damage to the company, resulting in a massive loss in customer confidence and a plummeting share price.

The firm also sought to find out how easy it is to purchase and access information on laptops that are lost in transit.

Investigating laptops lost at three international airports – Denver International, Chicago O'Hare and London Gatwick – Pointsec found that the laptops, and all the information residing on them, were put up for auction by either the airport or local police if they were not reclaimed after a reasonable period of time.

Pointsec visited one of the auctions used by Gatwick airport authorities and found that before even purchasing the laptops, the researchers were able to start up the laptops to inspect whether they worked. Using password recovery software, they were able to access the information on one in three of these laptops. This exercise was repeated in the US, Sweden, and Germany.

According to Peter Larsson, CEO of Pointsec Mobile Technologies:

"Our research has shown just how easy it is to purchase second-hand or lost laptops at public auctions, as well as hard disks over the internet, and easily access the information on them. Even when companies or individuals believe they have wiped the hard disk clean, it is blatantly clear how easy it is to retrieve sensitive information from it both during its current lifetime and beyond it.

"These findings reinforce how important it is to never let laptops or mobile devices leave the office without being adequately protected with encryption and strong password protection."

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.