Brad Feld has a post about what a friend found on used hard drives – stories like this surface regularly, but each one is still very disturbing. Money quote:
Not surprisingly, he found a huge amount of data, including confidential information such as medical records, HR correspondence, and financial data. For example, Drive #134 was from an ATM in a Chicago bank. It contained one year’s worth of transactions, including over 3,000 card numbers. In this case, the bank had apparently hired a contractor to upgrade the ATM machines – the contractor hired a sub-contractor. The bank and contractor assumed the disks would be properly sanitized, but there were no procedures specified in the contract. As a result, the drives weren’t sanitized correctly and the data was still on them for Simson to play around with.
…
Simson logically ponders this issue, especially in our current Patriot Act governed world. For less than $1,000 and working part time, he was able to collect thousands of credit cards, detailed financial records on hundreds of people, and confidential corporate files. He concludes by asking – “who else is doing this?”