When it comes to our personal data, some companies will go above and beyond to obtain it. Unfortunately, some companies don’t always take the same time and care when it comes to the destruction of that data. Recently, Morgan Stanley has come under fire for the possible data breach of their clients’ information. On July 10, the financial institution issued a statement to their clients that there were “potential data security incidents” related to their personal information.
The incidents, which have occurred over a span of four years, were caused by an ITAD (IT asset disposition) vendor misplacing a number of pieces of computer equipment that were being used to store customers’ personally identifiable information (PII).
A company like Morgan Stanley risks data security breaches every step of the way when opting for a third-party route; this can cause irreparable damage not only to their clients but to their brand as well. The belief that recycling hard disk drives (HDDs) and solid state drives (SSDs) is best practice can, unfortunately, lead to major consequences.
While there are some reputable data sanitization companies in existence, if a company chooses to utilize an ITAD vendor instead of conducting end-of-life destruction in-house, the number of safety risks can be immeasurable. It can be far too easy for an ITAD vendor to mishandle or misuse drives while they are in transit, while they are being sorted by staff, and during the actual acts of destruction and disposal. Some contracted salvage vendors have even been known to sell the equipment they are given to online third parties.
It is a scary but common misconception that simply erasing drives clean is enough to keep your information safe. After data is erased from a drive, it’s possible that unencrypted and encrypted information can linger and be easily accessible to hackers. Morgan Stanley chief information security officer, Gerard Brady, wrote, “The manufacturer subsequently informed us of a software flaw that could have resulted in small amounts of previously deleted data remaining on the disks in unencrypted form.”
While Morgan Stanley has issued a statement promising that they will pay for two years of credit monitoring for their customers whose data may have been breached, it frankly isn’t enough for some clients, as this possible breach may not affect them until much later.
“There is no statute of limitations on future data breaches,” writes Bob Johnson of the National Association for Information Destruction (NAID). “If a hard drive turns up five or 10 years down the road with personal information on it, it is still a data breach plain and simple. Ignoring missing or improperly wiped electronic media today simply means there are a bunch of time bombs floating around.”
It is for this reason that we at SEM stress that all hard disk drives be degaussed and destroyed, and that this be done in-house. When destroying data in-house, companies can be positive that the data is successfully destroyed, whereas when the drives are handed over to a vendor, the company forfeits any and all oversight. SEM degaussers use powerful magnetic fields to sanitize the magnetic storage media, which renders the drive completely inoperable. No matter what the industry, purchasing in-house, end-of-life data destruction equipment is well worth the investment simply because it is impossible to be certain that all data has been destroyed otherwise. This can in turn potentially save the company more time and money in the long run by preventing a breach early on.
While Morgan Stanley was unaware of the dangers that come with hiring third-party data sanitization companies, they, along with their clients, are unfortunately the ones who are left to suffer the consequences of the vendor’s negligence.
At SEM we have an array of high-quality NSA listed/CUI and unclassified magnetic media degaussers, IT crushers, and enterprise IT shredders to meet any regulation. Any one of our exceptional sales team members is more than happy to help answer any questions you may have and help determine which machine will best meet your personal or regulated destruction needs.