Hidden Danger of Unsanitized Hard Drives

Hidden Danger of Unsanitized Hard Drives

Secure Data Recovery, the leader in RAID, SSD, and hard drive recovery, recently outlined how to properly dispose of hard drives. As part of that post, we experimented on discarded HDDs to expose the dangers of improper data destruction. In that experiment, we recovered over 200,000 files for less than $100, showing unauthorized parties could access sensitive data for small sums. In 2023, we decided to expand the sample. These are the results.

Financial Fallout of Data Breaches

Malicious actors have several methods of acquiring personal data. Most are aware of ransomware and phishing schemes. However, one of the cheapest, more uncommon tactics involves obtaining valuable files from old hard drives.

Although hard drives store a significant amount of confidential information, and all storage devices will encounter failure or replacement, most individuals and organizations do not implement sanitization protocols. That leaves the door open for third parties to acquire classified documents, financial statements, vital records, medical histories, or trade secrets.

In our first test, we recovered 216,109 files from fourteen hard drives we purchased for $98.82. Those sellers only sanitized a single hard disk drive in the sample. Our engineers retrieved all original data from half of the devices. Five HDDs did not even require any repairs.

The average data breach in the United States cost $9.44 million in 2022.

Falling victim to a data breach because of an unsanitized storage device could have devastating consequences, including going out of business. Even the cost of mishandling sensitive information is prohibitive.

So, were the results of the experiment an aberration? Or a reflection of the public’s attitude toward data destruction?

We wanted to find out.

The Forgotten Risks: Old Hard Drives

This time, we purchased 100 hard drives for less than $1,000. All devices were listed as refurbished, used, or for parts. The release date of the hard drives ranged from 1994 to 2022.

And the results were similar to the initial test.


Sellers sanitized just 34 out of 100 hard drives. Those steps prevented over 64 TB of possible private data from being sent into the world.

We discovered that 31 hard drives in the sample were either damaged or encrypted. At the onset of the experiment, we decided not to perform repairs on damaged drives, given the cost of replacement parts and the value of time. Nevertheless, our experts estimated that a substantial portion of the damaged disks were still salvageable.

Considering those circumstances, our engineers recovered data from 35 hard drives without repair. Users formatted seven of those 35 devices to wipe working data from the disk. However, a quick format does not erase the contents of an HDD. Quick formatting resets the file system. The new file system designates the space the deleted data once occupied as free. Despite that, those files still exist in unallocated space after formatting.

In total, the 35 unsanitized hard drives contained 5,786,417 files. We sorted the data into six categories: images, videos, documents, audio, mailboxes, and other miscellaneous files.

Below is the breakdown of recovered data.


Images accounted for 3,792,741 files. Popular file types for images include GIF, PNG, and JPEG. Those could be harmless memes and photos for social media or assets for a marketing campaign.

The sample held 283,883 video files. Common types of video files, such as AVI, FLV, or MP4, serve different objectives. AVI is often used in software development. FLV files are prevalent on streaming platforms like YouTube. An MP4 file works across computers and mobile devices. These formats present almost endless possibilities, from a tutorial for a website to a video of a seminar.

We also recovered 153,745 audio files from the sample. The bulk of the recovered audio consisted of MP3 files. MP3s are a popular format for downloaded songs.

In most cases, the previous files will not reveal compromising information.

That is not the case with the rest of the files. The following breaches could jeopardize the survival of a business.

Our team retrieved 286,033 documents from unsanitized hard drives, including Word, Excel, PowerPoint, and PDF files. These documents could disclose reports, strategies, financials, research, personally identifiable information, or designs. Leaked company records and intellectual property have far-reaching consequences. In addition to the immediate ramifications, the organization’s long-term reputation could suffer.

Furthermore, we recovered 204,351 mailboxes. A mailbox database archives emails, contacts, and calendar items for a user to a server. Malicious actors accessing this data could gain insight into operations and glean information from the exchanges or tasks. With this intelligence, someone could impersonate an executive and defraud the organization. Committing wire fraud is much easier with inside information.

We classified the remaining 1,065,664 files as other miscellaneous files. For this exercise, we determined that unique databases and proprietary or system files required their own category.

A proprietary file is a format developed for a specific application or company. Part of the appeal of proprietary files is that various platforms do not widely support them. These restrictions allow businesses to further safeguard sensitive data. But cybercriminals can access proprietary files in the absence of adequate security measures.

System files are essential to functional software. These files contain instructions and settings to ensure seamless operation. System files include logs as well. In particular, logs provide sophisticated parties with critical information on what happens within an application or system. An unauthorized person could weaponize that data.

Unsanitized devices are a serious, often forgotten threat.

(Disclaimer: Secure Data Recovery did not view the contents of any recovered file. We implement and maintain strict data-handling practices. We securely purged all files from unsanitized hard drives after this experiment.)

Protect Your Data With Hard Drive Destruction

Individuals and organizations should have a plan for end-of-life IT assets to mitigate risks. Several effective methods for hard drive destruction exist. Each option is significantly cheaper than recovering from a data breach.

Shredding tears the disk’s platters into small pieces. Disintegrating reduces the drive to a residue. Degaussing demagnetizes the HDD. Overwriting clears the data on the device with an erasure program and allows users to reuse the hardware.

Failing to put proven sanitization procedures in place could cause irreparable harm.

We know how to recover data from hard drives. We also know how to destroy an old hard drive so no one else can recover it. Our certified data destruction services offer the ultimate peace of mind.

Call us at 800-388-1266 for a risk-free media destruction consultation.

T.J. Burlee, Tech Enthusiast
Article by

T.J. Burlee is a content writer for Secure Data Recovery Services. He specializes in various topics in the data industry, including data recovery technology, storage devices, and digital forensics. Throughout his career, he has covered complex concepts and provided accessible solutions for users. Before joining Secure Data, he worked as a freelance technical writer.

Need Our Professional Services?

Related Articles