Third Party Data Breaches: The Importance of Choosing An E-Waste Recycler Wisely

Destroying data and disposing of old IT assets in a responsible manner is no easy feat. These tasks must be performed by skilled professionals who have been trained to handle sensitive data and potentially hazardous e-waste. For these reasons, it’s very common for companies to hire third party e-waste recyclers instead of taking on these tasks themselves. Even companies that are heavily regulated, such as those in the financial and healthcare industries, turn to third party providers for their e-waste recycling needs.

If you are interested in working with a third party e-waste recycler, it’s important to take your time when choosing one. Why? The e-waste recycler you choose will handle a great deal of your company’s sensitive data, so they must be reliable enough to protect it until it has been destroyed. If you choose an unreliable e-waste recycler, the data could fall into the hands of an unauthorized user. In fact, it is estimated that about one-quarter of data breaches involve a third party.

Examples of Third Party Data Breaches

A number of data breaches involving third parties have made headlines in the last several years. In 2013, over 40 million credit card numbers were stolen in a cyberattack on Target. Shortly after the details of the attack were made public, it was discovered that the breach could be traced back to a third party working with the retailer. Hackers were able to access Target’s data by using log-in information stolen from an HVAC contractor that worked with the company. If Target had chosen a contractor that kept their data secure, the breach might never have happened.

CVS is another major retailer that fell victim to a third party data breach. The retailer previously worked with a small company based in Canada, PNI Media, which provided a host of photo services. Several years ago, hackers were able to infiltrate PNI Media’s network, which gave them access to personal and credit card information belonging to millions of CVS customers.

Domino’s Pizza also suffered a security breach that was eventually traced back to a third party supplier. Once the cause of the breach was identified, Domino’s revealed that they had not worked with the supplier in years. Despite the fact that the two companies no longer worked together, the supplier still had personal information belonging to Domino’s customers. This case shows that a company’s data may still be at risk even if the company no longer does business with a certain third party vendor.

How Working With Unreliable E-Waste Recyclers Can Lead to a Data Breach

If you hire an unreliable e-waste recycler, your data could be breached in several ways. First, the e-waste recycler may not have conducted background checks on employees who handle sensitive data. If no background check has been performed, there’s no way of knowing whether the employee can be trusted with your data. This means untrustworthy employees could gain access to your company’s sensitive data.

It’s also common for unreliable e-waste recyclers to simply erase the data on devices instead of actually destroying it. If a device is still functional, the e-waste recycler has the option of reselling it instead of breaking it down for parts. But this could lead to a massive data breach. If the data on a device that is being resold is only erased, it may not be easily accessible, but it’s not hard for a tech-savvy hacker to get their hands on it. This means whoever purchases the device from the recycler could recreate the sensitive data that was erased from the hard drive.

Many e-waste recyclers bring e-waste from their clients back to their facility before destroying the data and breaking down the device. No matter how short the trip is between the client and the e-waste facility, an unreliable recycler could lose a device on the way to their final destination. Since the data has not been destroyed at this point, anyone who finds the device could easily access it.

Choosing A Reliable E-Waste Recycler

Before hiring an e-waste recycler, it’s important to ask them about their certifications. There are several certifications that reliable e-waste recyclers should have, but one of the most important ones is the National Association for Information Destruction (NAID) certification. To obtain this certification, e-waste recyclers must prove that data left on electronic devices is secure the entire time it is in the recycler’s possession. An auditor from the NAID monitors the e-waste recycler’s procedures regularly to ensure that employees handling sensitive data are properly vetted and that all data is completely destroyed from the devices. If an auditor identifies any issues in the recycler’s process, the facility loses its certification. Therefore, if a recycler has this certification, it means they can be trusted with your company’s sensitive data.

The e-Stewards certification is also important. E-waste recyclers with this certification have proven that they process all e-waste within their facilities instead of sending it overseas to developing countries. Why does this matter? When recyclers send e-waste overseas, they are putting your company’s sensitive data in the hands of strangers. The people who end up processing the e-waste in developing countries are not trained to handle sensitive data. In fact, they don’t make any effort to destroy data on the devices.

To prevent the data on your devices from being sent overseas, look for an e-waste recycler with the e-Stewards certification. Recyclers with this certification process all of their e-waste in special facilities in the U.S., so you don’t have to worry about where your sensitive data will end up.

ERI is the leading recycler of e-waste in the entire country. ERI has also been awarded the e-Stewards, R2, and NAID certifications. Countless Fortune 500 companies trust us with their sensitive data because of our data destruction guarantee. For more information on recycling your electronics, or to request a quote for your company, contact us today.