NEW YORK–(BUSINESS WIRE)–John Shegerian, Chairman and CEO of ERI,
the nation’s leading recycler of electronic waste and the world’s
largest IT asset disposition (ITAD) and cybersecurity-focused hardware
destruction company, has issued a statement about alarming new study
results about privacy and second-hand electronic devices.
Shegerian calls the study results, revealed last week by The National
Association for Information Destruction (NAID),
an “urgent warning of an ongoing threat to our national security and
individual privacy as Americans.”
NAID announced the results last week of the largest study to date of the
presence of personally identifiable information (PII) on electronic
devices sold on the second hand market. The study showed that 40 percent
of devices resold in publicly available resale channels contain PII. For
the study, used devices analyzed included used hard drives, mobile
phones and tablets.
While there have been similar studies over the past decade, the NAID
study is unique in that it took a deliberately unsophisticated approach
to unearth PII data from the used electronic items, meaning that no
advanced forensic training was required to “hack” private information
contained on the exposed devices.
Robert Johnson, NAID CEO, explained that “NAID employed only basic
measures to extract data; imagine if we had asked our forensics agency
to actually dig! Forty percent is horrifying when you consider the
millions of devices that are recycled annually.”
PII recovered included credit card information, contact information,
usernames and passwords, company and personal data, tax details, and
more. While mobile phones had less recoverable PII at 13%, tablets were
disturbingly found with the highest amount at 50%. PII was also found on
44% of hard drives. In total, 40% of the devices yielded PII. The study
included devices that had been previously deployed in both commercial
and personal environments.
Johnson cautions that the results are in no way an indictment of
reputable commercial services providing secure data erasure. “We know by
the ongoing audits we conduct of NAID Certified service providers that
when overwriting is properly done, it is a trustworthy and effect
process. The problem lies with service providers who are not qualified
and, too often, with businesses and individuals who feel they can do it
themselves,” he said.
Shegerian claims that the data is timely and should serve as a warning
to businesses and individuals.
“This eye-opening data from NAID is only the ‘tip of the iceberg’ of the
potential exposure anyone can have to hardware hacking,” said Shegerian,
“because many organizations that claim to recycle electronics and
destroy data are not, in fact, doing the job properly.”
“When a device is responsibly recycled here in the US, part of that
process should always include complete, NAID-certified physical data
destruction,” added Shegerian. “The hardware security issue we face can
lead to the wholesale liquidation of our national security and the
security of the corporations and individuals of the United States.
Recycling or refurbishing these devices is vitally important, but it
must be done the right way.”
ERI, the nation’s leading recycler of electronic waste and the world’s
largest cybersecurity-focused hardware destruction company, is certified
to de-manufacture and recycle every type of electronic waste in an
environmentally friendly manner. ERI processes more than 275 million
pounds of electronic waste annually at eight locations, serving every
zip code in the United States. For more information about e-waste
recycling and ERI, call 1-800-ERI-DIRECT or visit www.eridirect.com.
Paul Williams, 310-569-0023