News & Events
News & Events
News Center

Information Security Alert

Share:

The data you thought you deleted is actually still there.

Do you think that pressing "Delete" or "Format" will erase your data? In fact, for SSDs, this is far from sufficient. Research from the University of California, San Diego, has revealed a disturbing fact: data stored on SSDs is extremely difficult to completely erase. Even the data erasure algorithms used by the U.S. Department of Defense (DoD) are not always effective at removing specific files from SSDs.

This isn't just an academic warning. In Taiwan, some people have purchased used hard drives and discovered they contained direct access to bank clients' business transaction data, accessible without any data recovery software. Businesses and individuals who don't understand how SSDs work and carelessly replace their devices are essentially handing over confidential data.

 

Corporate Compliance Considerations

According to the Enforcement Rules of Taiwan's Personal Data Protection Act, companies must have complete destruction records and evidence for obsolete storage media. The following are the principles that companies should follow when handling SSD replacements:

Establish a complete destruction process: Every hard drive, from replacement, transfer, destruction to completion, should have a detailed record, including serial number, responsible person, destruction method and date.

Do not hand over the hard drive directly to a recycler: handing the hard drive directly to a computer recycler cannot serve as legal proof that the data has been completely destroyed, and the company is still responsible for the consequences.

Note the following when sending an SSD for repair: After an SSD is sent to the original manufacturer for repair, the manufacturer may replace it with a new hard drive instead of returning the original one. If the original drive contains sensitive data that has not been erased, it may be circulated on the second-hand market.

Outsourced destruction requires certification: If you entrust a professional destruction company to handle the process, you should request them to provide a destruction certificate that complies with NIST SP 800-88 or DoD 5220.22-M standards as proof of compliance.

The widespread adoption of SSDs has made data storage faster and more durable, but it has also brought unprecedented data destruction challenges. Traditional deletion and formatting methods are virtually ineffective with SSDs. Whether you are an individual user or a corporate IT department, before replacing equipment, you must choose the appropriate data destruction method based on the confidentiality level of the data to truly protect information security and avoid becoming the next data breach victim.

 

[Source of information]iThome-SSD廠商沒有告訴你的真相:SSD資料難以完全刪除

Related Information

News Center

Drilling Holes in an SSD for Decommissioning? The Data is Still 100% Intact!

News Center

How a Second-Hand Hard Drive Exposed Sensitive Bank Customer Data

News Center

Are Common Data Destruction Methods Truly Effective?

Language

我們致力於保護您的個人資料並提供您對個人資料的掌握。按一下「全部接受」,代表您允許我們置放 Cookie 來提升您在本網站上的使用體驗、協助我們分析網站效能和使用狀況,以及讓我們投放相關聯的行銷內容。如需了解更多關於Cookie用途的資訊,請點選「管理Cookies」。

Manage Cookies

Privacy Preference

我們致力於保護您的個人資料並提供您對個人資料的掌握。按一下「全部接受」,代表您允許我們置放 Cookie 來提升您在本網站上的使用體驗、協助我們分析網站效能和使用狀況,以及讓我們投放相關聯的行銷內容。如需了解更多關於Cookie用途的資訊,請點選「管理Cookies」。

View Privacy Policy

Cookie Setting

Strictly Necessary Cookies

Always Active

網站運行離不開這些 Cookie 且您不能在系統中將其關閉。通常僅根據您所做出的操作(即服務請求)來設置這些 Cookie,如設置隱私偏好、登錄或填充表格。您可以將您的瀏覽器設置為阻止或向您提示這些 Cookie,但可能會導致某些網站功能無法工作。