July 2, 2009
University of British Columbia journalism students uncovered a hard drive containing sensitive U.S. defence information while filming a documentary in Ghana. Find out why it happened and how you can keep your company from a similarly embarrassing experience
No business should expose a single asset that hasn’t had a data wipe performed on it, according to an Info-Tech Research Group Ltd. analyst.
The warning comes after a group of University of British Columbia journalism students uncovered a data drive containing information about a multi-million dollar U.S Department of Homeland Security defence contract in a recent trip to Ghana. The B.C. students, who were visiting the African country as part of a study about electronic waste, paid about $40 for the second-hand hard drive.
The discarded hard drive included information about hiring and personnel contracts of a variety of U.S. defence organizations — including information about private military contractor Northrop Grumman Corp. — as well as credit card numbers and personal photos, according to published reports citing the students.
“From what it looked like, (the drive) hadn’t even been deleted,” said London, Ont.-based Info-Tech security analyst James Quin. “The first step is deleting, the second step is formatting, the third step is overwriting and the fourth step is destruction. It looks like they hadn’t even done Step 1 for a situation where Step 3 is definitely required and Step 4 might have been a better option.”
To view the complete article, click here.
Tags: Data deduplication, data Risk, ghana, info-tech research group, IT security, Students, UBC, University of British Colombia, US defense organizations, US department of Homeland Security
