In December 2019, a major incident occurred in Japan: discarded hard drives (HDDs) from a prefectural government were resold via online auctions, and a large volume of sensitive administrative documents was exposed.
This incident is commonly referred to as the 2019 Kanagawa Prefecture HDD resale data leak incident. Here’s a quick summary of what happened and what we can learn.
1) What happened
HDDs from a file server were scheduled for replacement at the end of a lease. Instead of being securely sanitized or physically destroyed under strict controls, some drives were mishandled by a contractor chain and ultimately ended up being resold.
2) What kind of data leaked
Reports indicated that the drives contained highly sensitive information, including personal data and administrative documents. The scale was enormous (reported in the tens of terabytes).
3) Impact
– Public anxiety about misuse of leaked personal information
– Loss of trust in institutions responsible for safeguarding data
– Broader re-evaluation of security practices across organizations
4) Lessons learned
– Disposal of IT equipment must be handled with validated procedures.
– Security is an organization-wide responsibility, not just an IT task.
– Controls should be reviewed regularly as threats and technologies change.
5) Use a reliable erasure system
Before reuse or disposal of PCs, servers, or smartphones, it’s not enough to “reset to factory settings.” Use reliable erasure methods and keep proof.
Solutions like MASAMUNE Erasure help organizations sanitize devices properly and reduce the risk of recoverable data.
