News & Events
News & Events
News Center

Information Security Alert

Share:

Mega International Commercial Bank's Keelung Branch replaced 27 computers. Eleven units were outsourced for destruction without personnel monitoring, resulting in incomplete formatting and internal data leaking into the second-hand market.

The Financial Supervisory Commission (FSC) fined the bank NT$2 million for "failure to implement internal controls." Such incidents are common, and bank data leaks have drawn high regulatory attention.

 

Does "Formatting" Truly Eradicate Data?

Many enterprises format hard drives during equipment replacement, believing it thoroughly clears data. However, cybersecurity experts point out that standard formatting only deletes the file system index, telling the operating system that the space can be reused. The actual data bits remain completely intact on the disk. Using commercial or free data recovery software, unauthorized individuals can recover large amounts of sensitive information—including account data, transaction records, employee data, and customer ID numbers—within minutes from a "formatted" drive.

 

The Four Dimensions of Corporate Exposure Post-Breach

When decommissioned storage media leaks, enterprises face compounding legal, operational, and financial liabilities:
  • Regulatory Penalties: The FSC can fine financial institutions that fail to handle data properly up to tens of millions of NTD under data protection regulations.

  • Civil and Criminal Liabilities: Affected customers can file civil lawsuits under the Personal Data Protection Act. In severe cases, corporate executives may face criminal prosecution.

  • Loss of Reputation and Trust: Once a leak is exposed, customer trust plummets. Rebuilding the brand image costs far more than the fine itself.

  • Secondary Security Threats: Leaked personal data may flow to scam syndicates, becoming material for phishing attacks or social engineering, causing further harm.

 

The Compliant Blueprint for Secure Media Disposal

To guarantee that data is permanently and irreversibly eradicated, enterprises should take the following measures or entrust them to qualified professional vendors:

  • Software-Based Data Sanitization: Utilizing professional data erasure platforms (such as Blancco) that align with rigorous global standards like NIST 800 and IEEE 2883, ensuring every sector is multiple-pass overwritten and verified.

  • Certified Physical Destruction: Use professional crushers, physical destroyers, or degaussers to completely destroy hard drives physically, ensuring data cannot be restored.

  • Outsource to Professional Vendors and Obtain Certificates: Choose data destruction vendors certified with ISO 27001, NAID AAA, or R2v3, supervise the entire process, and obtain hard drive destruction certificates with serial numbers as compliance evidence for future audits.

  • Establish Asset Replacement Standard Operating Procedures (SOP): Integrate hard drive destruction into the IT asset management process with clear ownership and audit nodes to avoid management loopholes like "outsourcing without monitoring."

 

Conclusion: Security Begins at the End of the Lifecycle

While enterprises aggressively fund front-end perimeters—such as next-gen firewalls and encrypted networks—they dangerously overlook the tail-end of the technology lifecycle. As recent regulatory fines demonstrate, the last line of defense for corporate data security resides on the very hard drive scheduled for disposal.

Rather than exposing your organization to existential compliance and liability risks, delegate your technology retirement to a certified ITAD specialist. Universal ITAD Solutions provides the correct workflows, certified personnel, and tamper-proof documentation required to bring a responsible, secure, and fully compliant close to your data lifecycle.

[Source of information]Yahoo!新聞-中古硬碟銀行個資全都露 金管會追銀行責任

Related Information

News Center

Drilling Holes in an SSD for Decommissioning? The Data is Still 100% Intact!

News Center

Are Common Data Destruction Methods Truly Effective?

News Center

Shocking Insider Revealed! SSD Data Cannot Be 100% Destroyed

Language

我們致力於保護您的個人資料並提供您對個人資料的掌握。按一下「全部接受」,代表您允許我們置放 Cookie 來提升您在本網站上的使用體驗、協助我們分析網站效能和使用狀況,以及讓我們投放相關聯的行銷內容。如需了解更多關於Cookie用途的資訊,請點選「管理Cookies」。

Manage Cookies

Privacy Preference

我們致力於保護您的個人資料並提供您對個人資料的掌握。按一下「全部接受」,代表您允許我們置放 Cookie 來提升您在本網站上的使用體驗、協助我們分析網站效能和使用狀況,以及讓我們投放相關聯的行銷內容。如需了解更多關於Cookie用途的資訊,請點選「管理Cookies」。

View Privacy Policy

Cookie Setting

Strictly Necessary Cookies

Always Active

網站運行離不開這些 Cookie 且您不能在系統中將其關閉。通常僅根據您所做出的操作(即服務請求)來設置這些 Cookie,如設置隱私偏好、登錄或填充表格。您可以將您的瀏覽器設置為阻止或向您提示這些 Cookie,但可能會導致某些網站功能無法工作。