Sending your laptop out for repair is a standard fact of life. Perhaps you spilled a drink on it, or maybe you dropped it, but whatever is ailing your computer, you may want to double check exactly who you’re sending it to. A new study reveals that certain data-recovery services claiming that they will fix your computer, may actually be responsible for privacy breach incidents where customers report losing personal or private information.
According to the Ponemon study, 83% of the respondents who said that their organizations had lost sensitive data, 19% of these firms said it was after hiring a third-party-data recovery firm.
“A lot of organizations are focused on firewalls or perimeter controls and ignoring simple issues like these,” says Larry Ponemon, the group’s chief executive. “You’re handing over your company’s crown jewels to a stranger, often without assessing what security controls are in place to reduce the risks.”
“Companies are trusting their data to third parties without a lot of vetting,” Ponemon says. “These are people who could be incompetent or even criminal. The risk is very real.”