Friday, April 30, 2010

Dumpster Diving

The term dumpster diving conjures up the image of youngish urban explorer types with flashlights, digging through garbage bins in search of gold - where the gold includes things such as electronicky bits, books, CDs, and that sort of thing. There are even freegans who base their entire life - including nutrition - on harvesting the massive amounts of edible goods that people throw away every day. You can even buy books that purport to teach the skills necessary to be a better dumpster diver!

However, there is a more nefarious type of dumpster diver - one who steals identities and confidential company data. Companies lose millions and millions of dollars' worth of data every year straight from the garbage bin - hard drives with payroll data, proposal documents, human resource lists, and so on. A grey-hat hacker once reported that he discovered a bag of corporate credit cards in the garbage. A little research showed that the company had just been bought out a few days earlier, so it was likely they were all issued cards to reflect the new company name. This same fellow also found, in the same dumpster, a hard drive that he described as "barely working", but after trying the hard drive freezer trick he managed to find the human resources and payroll records from the same company that threw out the credit cards. Pretty good catch.

We could make up all kinds of worst-case scenarios about this level of data breach. Every company should develop and uphold a Data Destruction Policy, and use tools and techniques to sanitize their sensitive information before tossing their unused and nonworking hardware. Why make it easy for the bad guy?
