Organizations are inadvertently exposing sensitive information through the sale of used hard drives, despite increased security awareness, according to a new report.The research found some businesses fail to wipe private employee information, accounting details and sensitive IP data from drives before they are sold.The report, a second-year joint project by the University of Glamorgan in Wales, Edith Cowan University and vendor BT, collected data from 300 drives obtained from IT auctions, computer fairs and online across Australia, the United States and Germany.University of Glamorgan research leader Andrew Blyth said the results show hard drives containing sensitive data are still being sold. “Just from looking at this random sample, it is obvious that there are hard drives on public sale that still contain highly confidential material,” Blyth said. “This research proves that companies and individuals still need to take this issue of the disposal of information stored on hard drives more seriously.”BT head of security technology research Andy Jones said organizations should control information exposure, as legal and ethical responsibilities are well known. “So much has been said already about the availability of information disposal tools, increasing legislative pressures and the growing literacy of computer users that it is difficult to explain why there is still such poor cleansing of disks,” Jones said.He said business must adopt and enforce a universal information-disposal policy for the sale of disks.CSO magazine provides a “how-to” primer on properly disposing data and old computers.“When organizations dispose of surplus and obsolete computers and hard drives, they must ensure that, whether they are handled by internal resources or through a third-party contractor, adequate procedures are in place to destroy any data and also to check that the procedures that are in place are effective,” Jones said.Information contained on the drives included payroll information, mobile telephone numbers, copies of invoices, employee names and photos, IP addresses, network information, illicit audio and video files, and financial details including bank and credit card accounts.By Darren Pauli, Computerworld Australia Keep checking in at our Security Feed for updated news coverage. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe