ERI CEO responds to NAID study on PII in secondhand electronics
ERI CEO responds to NAID study on PII in secondhand electronics
<![CDATA[John Shegerian, chairman and CEO of ERI, a Fresno, California-based recycler of electronic waste and an IT asset disposition (ITAD) and cybersecurity-focused hardware destruction company, has issued a statement about “alarming” new study results recently released by the National Association of Information Destruction (NAID), Phoenix, about privacy and secondhand electronic devices.
Shegerian calls the study results an “urgent warning of an ongoing threat to our national security and individual privacy as Americans.”
NAID announced the results of what it says is the largest study to date of the presence of personally identifiable information (PII) on electronic devices sold on the secondhand market. The study shows that 40 percent of devices resold in publicly available resale channels contain PII. For the study, used devices analyzed included used hard drives, mobile phones and tablets.
While there have been similar studies over the past decade, the NAID study is unique in that it took a deliberately unsophisticated approach to unearth PII data from the used electronic items, meaning that no advanced forensic training was required to “hack” PII contained on the exposed devices.
NAID CEO Robert Johnson says, “NAID employed only basic measures to extract data; imagine if we had asked our forensics agency to actually dig. Forty percent is horrifying when you consider the millions of devices that are recycled annually.”
PII recovered included credit card information, contact information, usernames and passwords, company and personal data, tax details and more information. While mobile phones had less recoverable PII at 13 percent, tablets were found with the highest amount at 50 percent. PII also was found on 44 percent of hard drives. In total, 40 percent of the devices yielded PII. The study included devices that had been previously deployed in both commercial and personal environments.
Shegerian says that the data is timely and should serve as a warning to businesses and individuals.
“This eye-opening data from NAID is only the ‘tip of the iceberg’ of the potential exposure anyone can have to hardware hacking,” says Shegerian, adding, “because many organizations that claim to recycle electronics and destroy data are not, in fact, doing the job properly.”
He continues, “When a device is responsibly recycled here in the U.S., part of that process should always include complete, NAID-certified physical data destruction. The hardware security issue we face can lead to the wholesale liquidation of our national security and the security of the corporations and individuals of the United States. Recycling or refurbishing these devices is vitally important, but it must be done the right way.”
ERI is certified to demanufacture and recycle every type of electronic waste in an environmentally friendly manner. ERI processes more than 275 million pounds of electronic waste annually at eight locations, serving every zip code in the United States.
]]>
Source: Recycling Today
ERI CEO responds to NAID study on PII in secondhand electronics
<![CDATA[John Shegerian, chairman and CEO of ERI, a Fresno, California-based recycler of electronic waste and an IT asset disposition (ITAD) and cybersecurity-focused hardware destruction company, has issued a statement about “alarming” new study results recently released by the National Association of Information Destruction (NAID), Phoenix, about privacy and secondhand electronic devices.Shegerian calls the study results an “urgent warning of an ongoing threat to our national security and individual privacy as Americans.”NAID announced the results of what it says is the largest study to date of the presence of personally identifiable information (PII) on electronic devices sold on the secondhand market. The study shows that 40 percent of devices resold in publicly available resale channels contain PII. For the study, used devices analyzed included used hard drives, mobile phones and tablets.While there have been similar studies over the past decade, the NAID study is unique in that it took a deliberately unsophisticated approach to unearth PII data from the used electronic items, meaning that no advanced forensic training was required to “hack” PII contained on the exposed devices.NAID CEO Robert Johnson says, “NAID employed only basic measures to extract data; imagine if we had asked our forensics agency to actually dig.…