48% Of Used Hard Drives Contain Sensitive Data – How To Be Sure Yours Won’t


Discarded hard drives often have residual personal data on them
Discarded hard drives often have residual personal data on them.

Many of us pass our Macs and some external devices on to others when we upgrade. Family and friends may get our hand-me-downs, but quite frequently we’ll sell an old Mac, printer, or external drive on eBay or some other venue. Regardless of where our computers and related technology end up when we outgrow them, it’s important to make sure we scrub any personal data from them.

The importance of securely erasing personal and/or business data from hardware that is being passed on, sold, or even recycled was highlighted in a recent study by Britain’s Information Commissioner’s Office, which discovered that half of all used hard drives contained information from their previous owners.

The study found that 48% of used drives contained some residual data. 11% contained personal information of some kind. 3% contained sensitive personal details like digital copies of passports and driver’s licenses, birth certificates, tax information, banking and financial information, and health-related data. 1% had enough information on them to commit identity theft.

The study included drives from a mix of sources, including businesses that might be responsible for recording and tracking some of that sensitive data.

Of the drives that didn’t contain accessible data, only 38% we truly clean (meaning that they were securely wiped). The remaining 14% were damaged and considered unreadable though the study doesn’t specify the damage or whether data recovery or forensic tools might have gained information for them.

Those are some troubling statistics, but the big lesson is that if we, as individuals or businesses, are getting rid of drives or computers, we need to securely erase our data.

That means doing more than clicking the simple Erase button in Disk Utility. A simple erase doesn’t actually erase anything. It simply marks all the sectors of a disk as free space. Until every sector has new data stored in it, the old data still exists and data recovery and forensic tools can retrieve it. A secure erase actually overwrites data.

Performing a secure erase is quite simple. Launch Disk Utility, select the drive, and then the Erase tab. On that tab, click the Security Options button and select the type of secure erase you want to perform – there are three choices:

  • A single pass erase overwrites the entire drive with a series zeroes. It’s fastest, but data recovery or forensic tools can still recover data.
  • A three pass erase writes random data to the drive, then does it again, and then does a standard pass with known data. That’s generally sufficient to prevent most tools from recovering usable data.
  • A seven pass erase makes seven passes with specific mixes of known and random data. The process meets U.S. Department of Defense requirements for secure erase of even the most sensitive information. For individuals, this can be overkill, but for businesses that deal with sensitive information like healthcare records or banking/financial data, this is the best option.
Disk Utility's Erase tab.

It’s also worth noting that you don’t have to wait until you’re getting rid of a Mac or drive to securely erase information. The Finder’s Secure Empty Trash command performs a single pass erase of data you’re deleting. You can also use Disk Utility’s Erase Free Space option with the same secure erase options available for drives – meaning that any data that you deleted will get overwritten one, three, or seven times but any other data will be left intact.

In addition to Disk Utility, most commercial hard drive tools also offer secure erase features.


  • Ryan Simmons

    Or, you could just smash it to pieces.

  • thegraphicmac

    Yeah, I agree with Ryan. It’s much faster to smash it to pieces.

  • Joel Waxman

    How do you erase if the computer is not bootable?

  • Downs

    I use bootable Active KillDisk ( http://www.killdisk.com/ )

  • Downs

    Or, you could just smash it to pieces.

    Even though I like being destructive, smashing it to pieces still leaves a lot of data on the cylinders. Most of the smashing just goes to the chipsets and boards attached to the device, as well as the drive enclosure/casing. KillDisk erases 1 pass 0 and has more options than just passing over 17 times [NSA requirements (which beat the DoD 5220.22-M specs)], and even though most people don’t need this, if you do have highly sensitive data on a drive, have it plugged into a working system, boot up into killdisk and wipe it thoroughly. I’m not sure how effective this is with SSD’s, since SSD’s don’t use similar-to-vinyl-record-type disks and instead use chips. Either way, if you burn a piece of paper, it can still be recompiled using software that is readily available (mostly to government agencies) (it works by acting like solving a jigsaw puzzle), and KillDisk acts like the DoD’s modern day burn bags, where they dissolve the classified papers containing sensitive data into a paste which is then transformed into cardboard boxes.

    Either way, if you’re a regular person who has nothing to hide, use secure empty trash on Mac. If you’re someone in a business with sensitive data or do banking, etc., on a system; before tossing out any drive, set it up with KillDisk (or equivalent) running, and just let it do its process…there’s a lot of cybercriminals out there who would love to have your data.

  • ApplePr0n

    This is why when I’m done with my computers, I find the nearest overpass and toss it over, it causes accidents occasionally, but at least my personal info is gone :D

  • annie

    Acid and fire are the good solutions for it because recovery software recover data even from reformatted drives. Just check it to know about recovery software.