Eventually, the financial market will be in a tumult again and some companies, agencies and organizations will cease to exist. Unfortunately, these failing companies are keeping a lot of sensitive documents and consumer information. Things can be bad enough that these companies would simply put their hard drives, optical discs and other storage media in the dumpsters. When a company does fail, people would not bother to perform secure data protection practices. It is important to make sure that our sensitive information won’t end up in the recycling centers. Information like SSN, credit card numbers, name, address, email and others can be harvested easily by bad people.
When a financial company is filing for bankruptcy, it has plenty of legal responsibilities that need to be fulfilled, including safeguarding sensitive information. There should be a team of staff who are specialized in disposing and eliminating sensitive information. Important documents will need to be shredded and then incinerated. Unused hard drives would need to be digitally wiped, re-wiped and then smashed physically. When destroyed hard drives are being dumped and processed in the recycling systems, they need to be monitored.
In reality, owners and employees of a failing financial company would likely be more concerned with thinking about themselves. Employees in the IT department won’t care about data security, if they are going to get fired. Also, a bankrupt company is no longer have money to do extra tasks like safeguarding consumers data. In some countries, there are no real regulations related to the disposal of sensitive information. People won’t stick around to shred documents and smash hard drives. Inappropriate handling of unused information can be dangerous for thousands or even millions of customers.
The problem could become even more serious when the failing financial companies sell their computer systems and data centers to pay off creditors. They may only perform simple deletions of the hard drives and through the use simple data recovery programs, it is actually possible to undelete these files. Even after the hard drives are re-formatted, files still reside inside the hard drives, but they can’t be retrieved in a normal manner. It would take only standard data recovery techniques to regain access to these sensitive files. Many employees in the financial companies may not be aware of this fact when they send their computers to the new owner.
Data harvesting from a failing financial company isn’t a far-fetched concern. Malicious individuals are known to perform a variety of methods to steal data from consumers and perfectly healthy financial companies. Lack of security in a collapsing financial company would make it much easier for bad people to steal a huge amount of sensitive data. It would be a treasure trove that can be used by bad people to gain money illegally. Consumers should monitor their financial companies and make sure that data has been wiped properly. In fact, it is imprudent for companies to transfer hard drives to new owners no matter how many times they have been re-wiped.