What to Do If You Discover a Data Breach Due to Outdated Equipment or Old Hard Drives

Old hard drives in boxes ready for sale

Share This Post

Data breaches can happen to any business or organization at any time. Whether you’re a small business owner or a CTO at a large company, data breaches can be a regulatory and PR disaster, not to mention the hit on your company’s reputation that can happen.

Once the data breach occurs, there is little you can do to prevent what happens to the information once it’s out in the open. However, it’s vital to take immediate action to minimize the impact of the breach and prevent it from happening again. 

Here are some steps to take when you discover a data breach due to a defunct hard drive or older equipment that left your chain of custody and became insecure.

Related Post: Why We Use The Best Drive Erase Software On Earth To Ensure Data Security

1. Assess the Scope of the Data Breach

Once you discover a breach has occurred, determine what data was compromised, how it was accessed, and how many people were affected. If you have a backup of the old hard drive, see what may or may not be on it. Even if the data has been changed since you got rid of the older drive, you can at least figure out whose data might be compromised.

2. Notify Affected Parties of the Data Breach

Next is to notify anyone who may be affected. This includes customers, clients, or anyone else whose personal or sensitive information may be in the hands of unauthorized people. Be sure to provide as much information as possible about the breach, including what data was accessed and how it was accessed. Offer advice on how to protect their data, like changing passwords or calling financial institutions (depending on what data had fallen into the wrong hands).

Notifying people of a data breach is never fun. However, you must remain professional when this happens. Some people will be upset. Others will be thankful you took the time to notify them. Professionalism and a “we’re going to solve this” attitude can go a long way to soothing any nerves or anxiety from those affected.

3. Investigate the Cause of the Data Breach

Determining how the breach occurred can be simple or complicated. It could be that one of the higher-ups in the company bought a new computer and threw the old one in the trash before someone vandalized the trash can to steal the older equipment. Tracking the person who threw away the device could take as little as a few hours. Another scenario is that someone left the company, and their laptop had a virus on it, and the hard drive still had your company info on it. That might be more time-consuming.

Following the investigation, take steps to ensure that the same kind of data breach never happens again. This may involve reviewing security policies and procedures, conducting a risk assessment, and implementing additional security measures, such as more robust encryption or multi-factor authentication.

4. Consider Your Legal Obligations

Depending on the nature of the breach and the compromised data, your company may need to determine the legal ramifications of what happened. Were your customers’ financial records put out in the open? What about Social Security numbers or addresses? 

Consult with a lawyer to determine how best to protect your company and your customers following a data breach.

5. An Ounce of Preventing a Data Breach Is Worth a Pound of Cure

The best thing you can do is set up preventative measures to keep a data breach from happening in the first place due to a hard drive getting out in the open. When removing older equipment from your organization, destroy all data from any hard drives, SSDs, and even server equipment you remove.

The best way to handle this is through a certified data destruction company like I.T. Supply Solutions. We’ll wipe any data from an old drive and either remarket it if it’s new enough or physically destroy it.

Related Post: 5 Reasons Why On-Site Hard Drive Shredding Is Better Than Off-Site Shredding

Trust Your Data Erasure With I.T. Supply Solutions

I.T. Supply Solutions, based in the Cincinnati area, offers IT asset disposition and data destruction for your company or organization, whether you’ve got 100 units or 100,000. If you have any further questions about our drive eraser methods, feel free to call (859) 694-0602 or contact us. We’re happy to help in any way we can. 

More To Explore

Electronics Recycling Day to benefit the Independence Police Department's K-9 Unit

Sponsored by the Independence Police Department & I.T. Supply Solutions

Items collected include desktops, laptops, phones (landlines or cellular), flat monitors, servers, loose hard drives, calculators, and cameras.

Please note: No old TVs, microwaves, or bulky monitors.

Donations can be dropped off or made by mail. Check or money order to be made payable to ‘City of Independence’ to:

Independence Police Department
Canine Unit Donation
5409 Madison Pike
Independence, Kentucky 41051
Dropbox available in parking lot

Send contributions via Venmo to Independence Canine using @Independence-Canine.