Why Big Tech Shreds Millions of Storage Devices it Could Reuse

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Mick Payne remembers the moment the madness of the way we dispose of our data was brought home to him.

The chief operating officer of Techbuyer, an IT asset disposal company in Harrogate, was standing in a large windowless room of a data center in London surrounded by thousands of used hard drives owned by a credit card company. Knowing he could wipe the drives and sell them on, he offered a six-figure sum for all the devices. The answer was no. Instead, a lorry would be driven up to the site, and the data-storing devices would be dropped inside by authorized security personnel. Then industrial machines would shred them into tiny fragments. “I walked out and thought, ‘This is absolutely crazy’,” says Payne. “They couldn’t allow the disks to leave the building—despite the fact we could wipe them on-site then sell to a new customer who could make use of them for years to come... It was a complete waste.”
Underpinning the reluctance to move away from shredding is the fear that data could leak, triggering fury from customers and huge fines from regulators.

Last month, the US Securities and Exchange Commission fined Morgan Stanley $35 million for an “astonishing” failure to protect customer data, after the bank’s decommissioned servers and hard drives were sold on without being properly wiped by an inexperienced company it had contracted. This was on top of a $60 million fine in 2020 and a $60 million class action settlement reached earlier this year. Some of the hardware containing bank data ended up being auctioned online. While the incident stemmed from a failure to wipe the devices before selling them on, the bank now mandates that every one of its data-storing devices is destroyed—the vast majority on site. This approach is widespread.

One employee at Amazon Web Services, who spoke on condition of anonymity, explained that the company shreds every single data-storing device once it is deemed obsolete, usually after three to five years of use: “If we let one [piece of data] slip through, we lose the trust of our customers.” Amazon declined to comment.

A person with knowledge of Microsoft’s data disposal operations says the company shred everything at its 200-plus Azure data centers. Microsoft says “we currently shred all [data-bearing devices] to ensure customer data privacy is maintained fully.”
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top