Storage wrinkle: 4,500 flash drives left at the cleaners

Another 12,500 mobile devices were left in cabs, study finds

Lost a USB drive with important data on it? Check with your dry cleaner. A survey by a U.K.-based company found that in the past year, 4,500 USB flash drives were forgotten in the pockets of clothes left at the dry cleaners, and thousands more handheld devices were left in the back seats of taxis.

While that number may appear high, the survey of 100 dry cleaners by London-based data security company Credant Technologies this month revealed that the number of flash sticks left at the cleaners since last April actually declined by half.

It "is likely to be a change in users' habits as opposed to a significant breakthrough in people's vigilance," Credant said in a press release this week.

According to Credant, another survey of London and New York City taxi companies last year revealed that more than 12,500 devices, such as laptops, iPods and memory sticks, are forgotten in taxis every six months.

Sean Glynn, chief marketing officer at Credant , said his company urges users to take more care not to download unprotected corporate data and other sensitive information that if lost "could lead to a security breach, especially now that there are harsh fines afoot."

"This could now cost a company up to [$811,000] with new powers given to [the U.K.'s] Information Commissioner's office to fine companies who have not sufficiently protected customers details under the Data Protection Act," Glynn stated.

In a December survey of 636 IT security and IT support practitioners by research group the Ponemon Institute in Traverse City, Mich., 83% of respondents said they believe that at least one data breach has occurred in the past two years in their organization. Nineteen percent indicated that the breach happened when a drive was in the custody of a third-party data recovery service provider. And 43% of those respondents who said the breach occurred at the vendor said it was due to a lack of data security protocols.

A 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company's network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

Robert Siciliano, a personal security expert and CEO of IDTheftSecurity.com, recently wrote in his blog that millions of electronic devices are lost in cabs and hotels or are stolen, and millions more end up for sale on eBay, are recycled or are tossed in the trash. "Many of these phones still have enough data on them to commit identity theft or, in the wrong hands, make your life miserable," he said.

"What if someone got the names, addresses and e-mails for everyone in your life?" Siciliano said in an e-mail response to Computerworld. "Not good."

Siciliano said a study conducted in December by managed services provider Regenersis, a U.K.-based recycler, tested a sampling of 2,000 cell phones. Ninety-nine percent of those cell phones had personal identifying information, such as banking and credit card data, personal e-mails, contacts, text messages, pictures, music, videos, calendar entries, notes, mailing lists, to-do lists, and automatic log-ins for Twitter, LinkedIn and Facebook, he said.

According to Siciliano, studies also show that consumers replace cell phones every 18 months on average.

"Over the past four to five years, BlackBerries, iPhones and countless other smartphone/PDAs have flooded the market," he said. "All of these devices' technologies are upgraded within 6 months, and the user wants the latest and greatest."

Siciliano suggested that consumers should do the following to protect their data:

  • Use encrypted USB drives.
  • Not store data that will be considered a "data breach" if lost, stolen, sold or recycled.
  • Have strong password protection on phones.
  • Remove a device's SIM card before selling it.
  • Reformat the phone's operating system multiple times. This generally wipes off the data, but there are programs that do it more thoroughly. There is no universal way to reformat. It is different with every phone/manufacturer/operating system.

Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian, send e-mail to lmearian@computerworld.com or subscribe to Lucas's RSS feed .

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies