NEW YORK, Mar 29, 2017 (BUSINESS WIRE) — John Shegerian, Chairman and CEO of ERI, the nation’s leading recycler of electronic waste and the world’s largest IT asset disposition (ITAD) and cybersecurity-focused hardware destruction company, has issued a statement about alarming new study results about privacy and second-hand electronic devices.
Shegerian calls the study results, revealed last week by The National Association for Information Destruction ( NAID ), an “urgent warning of an ongoing threat to our national security and individual privacy as Americans.”
NAID announced the results last week of the largest study to date of the presence of personally identifiable information (PII) on electronic devices sold on the second hand market. The study showed that 40 percent of devices resold in publicly available resale channels contain PII. For the study, used devices analyzed included used hard drives, mobile phones and tablets.
While there have been similar studies over the past decade, the NAID study is unique in that it took a deliberately unsophisticated approach to unearth PII data from the used electronic items, meaning that no advanced forensic training was required to “hack” private information contained on the exposed devices.
Robert Johnson, NAID CEO, explained that “NAID employed only basic measures to extract data; imagine if we had asked our forensics agency to actually dig! Forty percent is horrifying when you consider the millions of devices that are recycled annually.”
PII recovered included credit card information, contact information, usernames and passwords, company and personal data, tax details, and more. While mobile phones had less recoverable PII at 13%, tablets were disturbingly found with the highest amount at 50%. PII was also found on 44% of hard drives. In total, 40% of the devices yielded PII. The study included devices that had been previously deployed in both commercial and personal environments.
Johnson cautions that the results are in no way an indictment of reputable commercial services providing secure data erasure. “We know by the ongoing audits we conduct of NAID Certified service providers that when overwriting is properly done, it is a trustworthy and effect process. The problem lies with service providers who are not qualified and, too often, with businesses and individuals who feel they can do it themselves,” he said.
Shegerian claims that the data is timely and should serve as a warning to businesses and individuals.
“This eye-opening data from NAID is only the ‘tip of the iceberg’ of the potential exposure anyone can have to hardware hacking,” said Shegerian, “because many organizations that claim to recycle electronics and destroy data are not, in fact, doing the job properly.”
“When a device is responsibly recycled here in the US, part of that process should always include complete, NAID-certified physical data destruction,” added Shegerian. “The hardware security issue we face can lead to the wholesale liquidation of our national security and the security of the corporations and individuals of the United States. Recycling or refurbishing these devices is vitally important, but it must be done the right way.”