IBM and Identity Theft--Hard Drive

[Odie Ferrous]

(e-mail address removed) wrote:

[HD died and was replaced under warranty. Lenovo requires that the
old drive -- with sensitive data which cannot be erased because the
drive failed -- be returned.

Now IBM wants the old drive back. I told them I would damage it so they
couldn't read the data. This is unacceptable to them. It must be sent
back no more damaged than it was at the time of the crash. The
representative said they often recyle them.

While my data was backed up, a lot of the data on the drive they want
returned is probably recoverable.

This may be industry practice--I don't know.

It is. Not just in the computer industry; in general if you have a
warranty claim the vendor usually will want the broken item back, either
to repair or to analyze the failure.

They don't need to analyze the failure; they know by now that their
drives are crap. And they fail.



There's also the issue that vendors

want to avoid being ripped off by users who claim a warranty-covered
failure that never occurred.

Fair enough.

This has even more serious consequences in situations where the data on
the disk are classified, and more recently where the data are subject
to HIPAA restrictions. In these situations typically the user either
foregoes the warranty on the disk, or has a pre-existing agreement with
the vendor covering warranty issues of this type.

True enough.

As a practical matter, it's probable that if they're asking for the
disk back they'll slap on a new circuit board; if it works the disk
will be reformatted and resold; if not it will go to the junk bin.
It's probable (but in no way certain) that nobody will bother to look
at what's on the disk.

With modern drives, simply swapping circuit boards and "hey, it
works!!!" is a fallacy. And as for "nobody will bother to look at
what's on the disk" - nonsense. These techie guys spend mindlessly
boring lives in boring labs, desperate for distraction and sources of
entertainment. If they can see the data, they will generally have a
damn good look. It's a "man" thing. It happens all the time.

In any case, however, given the incredibly low list prices even for
brand-name disk drives, if you're concerned about the data on the disk
being disclosed just forget the warranty, buy a new disk, and take the
opportunity to see how hard it is to completely disassemble the drive.

I agree. If your data borders on precarious, for the sake of £50 or so,
just physically destroy it. No sleepless nights.

I had a situation like that a couple of years ago: division management
had lots of salary info on a 10 GB laptop disk that died. There was
no need to recover the data, and it would have been more expensive to
figure out how to wipe the disk than it was to replace it. I disassembled
the drive, scored the platter surfaces, and now pass around the
carcass of the drive when I do presentations to high-school students.

Odie

 

[Folkert Rienstra]

I'm amazed you should ask that of me, Folkert.

You should well be, Duncan, as 'that' 's not what I asked.

I keep a copy my clients' recovered data for a week or until they
confirm they are entirely satisfied with it - whichever is shorter.

Then it is erased. Securely, of course.

The question was "And what have you done with that information, Duncan?".

Meaning, what action did you take with the knowledge you received.
Or are you part of that "club".

Odie

(Blatant advertizing removed)

 

[minerva_solis]

Odie Ferrous wrote:
And as for "nobody will bother to look at

what's on the disk" - nonsense.

i know you won't believe me, but no I don't.

These techie guys spend mindlessly
boring lives in boring labs, desperate for distraction and sources of
entertainment.

they are clearly wacky

If they can see the data, they will generally have a
damn good look. It's a "man" thing.
boggle

It happens all the time.



I agree. If your data borders on precarious, for the sake of £50 or so,
just physically destroy it.

i have a subteam that is making all these security thingees and (like
idiots
who don't know all you have to do is block the run command and the
webpage address). I work on something else so don't know the whole of
it.

No sleepless nights.

when all i do is block the run command, and believe it not further,
there are no leaks. NONE.

 

[Odie Ferrous]

You should well be, Duncan, as 'that' 's not what I asked.


The question was "And what have you done with that information, Duncan?".

Meaning, what action did you take with the knowledge you received.
Or are you part of that "club".

It goes nowhere, Folkert. Unless, of course, it involves terrorism or
child porn - but fortunately I've never seen that.



Odie
(Blatant advertizing [sic] reinstated)

 

[chad]

Time to get a very big magnet...

- Chad
http://free-backup.info

 

[Folkert Rienstra]

It goes nowhere, Folkert.

You still don't have a clue of what I just asked, don't you, Duncan.

Unless, of course, it involves terrorism or child porn -

but fortunately I've never seen that.

I'll guess that's just one way of saying that you are indeed part of that "club", Duncan.

Odie
(Blatant advertizing [sic] reinstated)

 

[Odie Ferrous]

You still don't have a clue of what I just asked, don't you, Duncan.

Folkert, if you could learn to ask questions directly instead of beating
around the bush (in other words, try to incorporate some sort of sense
in your ramblings) then perhaps you would get better (for you, at any
rate) answers.

Until such time, please stop trolling. I would have thought you above
all that - but I am clearly mistaken.


Odie