Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sending HDD for Data Recover - Concerned about privacy?


  • Please log in to reply
4 replies to this topic

#1 OfficeJerk

OfficeJerk

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 16 September 2015 - 01:09 AM

Hi

 

Ill be sending my Internal HDD off for professional data recovery in the near future but have some concerns about privacy.

 

First concern is my excel spreadsheet which I listed every known piece of login information I have ever had including paypal and possibly bank info. Do i need to change my login details before I ship the HDD away?

 

Please let me know your thoughts on this.


Edited by OfficeJerk, 16 September 2015 - 03:20 AM.


BC AdBot (Login to Remove)

 


#2 jonuk76

jonuk76

  • Members
  • 2,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:01:46 PM

Posted 16 September 2015 - 06:13 AM

If it's an unencrypted, non-password protected file my thoughts would be yes you should change them.  That's not because I think it's likely that a data recovery firm is going to hack your accounts as they recover your data (it would be a bit obvious, wouldn't it?) but they should be considered compromised.  You will never know if someone has decided to keep it for themselves for future mischief...

 

Theres a serious risk with holding very sensitive data in that way.  You might consider using something like Keepass or at the least encrypt the file.  Password protection on Excel versions pre-2010 is fairly easy to defeat, I understand.


Edited by jonuk76, 16 September 2015 - 06:34 AM.

7sbvuf-6.png


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,300 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:46 AM

Posted 16 September 2015 - 11:23 AM

If I thought that I had any truly sensitive info...last place I would keep it is on a hard drive.  Flash drives are (IMO) perfect for such...and provide portability/access practically anywhere..

 

Louis



#4 Kilroy

Kilroy

  • BC Advisor
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:07:46 AM

Posted 16 September 2015 - 09:46 PM

Do you need to, no.  Will you feel better if you do, yes.  These companies deal with too much data to spend the time going through everything.  Could something happen, yes, but odds are it won't.

 

I recommend against using a USB drive, unless you have a back up.  My ex-wife lost her entire journal when her USB drive dropped all the information on it.  All it takes is one bad removal to lose access to the data on the drive.

 

Now that you've lost data it is time to look into a back up strategy.  Here is a great chart of Online Backup Services.



#5 James Litten

James Litten

    Ԁǝǝ˥q


  • BC Advisor
  • 1,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:46 AM

Posted 17 September 2015 - 03:22 PM

Hi OfficeJerk

 

I've seen this kind of situation go bad for companies having drives recovered in the past.

BUT NOT THE WAY YOU ARE WORRIED ABOUT.

 

What I have seen happen is that the recovery company makes an image of the drive as they recover the data or they dispose of the old drive after recovering the data to a new one.

What then happens is that in the chaos and confusion that occurs at some busy recovery companies the image or the old drive are not disposed of properly and a bad person finds them and mines them for personal data.

 

I have never encountered a recovery service that snoops in their customer's data and uses it for personal gain.

 

What you can do....

Be sure to let them know that you have personal data on there that you need kept secure and would they please be sure to properly erase or dispose of any copies after sending you back the recovered files.

 

That should protect you most of the time.

 

Personally, I would change any root passwords to public facing servers and any financial passwords stored in that spreadsheet but I keep those in my head and in a safe, not on any computer.

 

Hope this helps you feel more comfortable,

James






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users