Do You Know Where Your Hard Drive Is?

The Arkansas Democratic Party figured out the answer to that questions was “In the hands of a computer consultant in California.”

Bill Ries-Knight bought what he believed was a brand new 120GB Seagate hard drive from eBay.  When he plugged it in he was surprised to find out that it wasn’t.  It was littered with files.  Files created by high-ranking party officials.  Files from the recently elected governor’s campaign.  Files you and I were never supposed to see.

The chain of events that led to this breach of security started when the computer that contained the drive was dropped, effectively destroying it.  A volunteer IT guy tried re-imaging the hard drive but failed.  As “payment”, he was given the drive.  Then the volunteer shipped out for National Guard duty, during which time his wife put the drive up for sale.

Corporations (and everyone else) should learn two things from this.  First, if the data is sensitive then encrypt it.  If the files had been encrypted it would have been less likely that the information would have been read.

Second, and most importantly: Destroy any medium that carries sensitive data when you’re done with it.  A few quick strikes with a sledge hammer (or “dynamic recalibration” as I like to call it) would have ensured that this never happened.  Unless your data is worth less than the  $65 you’re going to get for that drive then why chance it?