SATA SSD cheated death from failed attempt at data destruction with a drill — drive emerges victorious in face-off against IT worker

News
By published

When a single drill hole doesn't hit the target

Destroyed SATA SSD
(Image credit: Reddit/Stretcheddd)

If you ever need to destroy one of the best SSDs by drilling a hole in it, you need to make certain you hit the right spot. A recent viral Reddit story has reminded us that missing the target can have serious consequences. In this incident, an IT employee reportedly attempted to destroy a SATA SSD by drilling a hole through it before disposal, a common tactic for businesses to ensure their data is destroyed. However, the individual failed even to make contact with the SSD's PCB and left the drive intact, with the data still accessible, and the drive ended up on the market.

The story serves as a powerful lesson about the importance of proper data destruction procedures. Drilling a hole through a hard drive is as old-school as you can get. But SSDs are different, and some recent drives, like the one in the Reddit post, have shorter PCBs, so drilling a hole in the center may not reach the NAND chips. In this case, it didn't even touch the PCB. If you're going to drill the SSD, at least make multiple perforations or open the drive to ensure you hit the bullseye.

The “IT guy” at work drilled through the SSD’s before giving them away from r/pcmasterrace

Manual destruction may be feasible for smaller companies, but it can be cumbersome for larger companies that manage many drives. In the latter case, it may justify engaging a hard drive or SSD destruction service, where you can pay a company to handle all the dirty work. For other cases, you can always invest in a storage medium destroyer.

For example, DiskMantler uses vibrations to destroy hard drives in 90 seconds. Then there is the less sophisticated approach, such as the Puncher P30, which drills four holes through your hard drive or SSD. Now, if you need rapid destruction, alternatives like the MediaGone 500 SSD & Flash Media Shredder can destroy hundreds of SSDs, USB flash drives, and smartphones in an hour, while the NVMe Destroyinator wipes data from up to 16 M.2 SSDs simultaneously at jaw-dropping speeds up to 64 GB/s.

If you insist on having personnel drill holes in your hard drives or SSDs, it would be wise to update the procedures manual to have them drill multiple holes at strategic locations, such as the NAND chips and controller, for maximum effectiveness. As a safety measure, you can add a clause requiring a thorough physical inspection of the drive after drilling.

Alternatively, a different tool could be a viable option. For example, a hammer can be surprisingly effective for destroying internal components and may be more satisfying than drilling. Ultimately, the goal is to leave no doubt that no data has been destroyed. A few extra steps can provide peace of mind for the employee and the organization.

Google Preferred Source

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

Zhiye Liu
Zhiye Liu
News Editor, RAM Reviewer & SSD Technician

Zhiye Liu is a news editor, memory reviewer, and SSD tester at Tom’s Hardware. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

13 Comments Comment from the forums
  • edzieba
    Why do people perform these convoluted dances when following the NIST standard is so much easier:
    Step 1) Run ATA SECURE ERASE on the drive (HDD OR SSD). The data on that drive is now unrecoverable, even forensically. DBAN with multiple passes is security theatre.
    Step 2) ONLY if needed by regulatory requirements, and ONLY after following Step 1: physically shred the drive.

    99% of cases, you perform Step 1 and are now done.
    Reply
  • voyteck
    Come on - if this were a Hollywood movie, the villain would just put a bullet through the PC case (or the display), and the data would be gone forever.
    Reply
  • Konomi
    edzieba said:
    Why do people perform these convoluted dances when following the NIST standard is so much easier:
    Step 1) Run ATA SECURE ERASE on the drive (HDD OR SSD). The data on that drive is now unrecoverable, even forensically. DBAN with multiple passes is security theatre.
    Step 2) ONLY if needed by regulatory requirements, and ONLY after following Step 1: physically shred the drive.

    99% of cases, you perform Step 1 and are now done.
    True: generally speaking, doing 1 is enough, also I personally find ripping off chips on SSDs and crushing them with pliers to be somewhat enjoyable. Plus that at least leaves the rest of the PCB to be somewhat salvageable if someone requires it.
    Reply
  • jp7189
    Drilling holes is only for glass patter HDDs that get shattered by the action. NAND based drives need to have every chip physically destroyed, and drilling would be an inefficient way to hit every chip.

    Rotating the key on a SED drive sure is a quick and compliant way to do it, but thats still far slower and more expensive compared to a grinder when you have many 1000s of drives to process. It requires low wage folks and theres no chance of uncertainty.
    Reply
  • ravewulf
    On the other hand, adding wheels to the SSD to turn it into a little toy is pretty neat 😊
    Reply
  • hotaru251
    a hammer works better :|
    Reply
  • passivecool
    edzieba said:
    Why do people perform these convoluted dances when following the NIST standard is so much easier:
    Step 1) Run ATA SECURE ERASE on the drive (HDD OR SSD). The data on that drive is now unrecoverable, even forensically. DBAN with multiple passes is security theatre.
    Step 2) ONLY if needed by regulatory requirements, and ONLY after following Step 1: physically shred the drive.

    99% of cases, you perform Step 1 and are now done.
    because this requires the disk to still be operational?
    an old hdd that no longer spins up still has much data on it.
    just like old phones, old ssds, old CF cards ....

    when i was a kid, dad had a degausser at work. would magnetically process a hdd so they bashed around in the enclosure.

    safely disposing of the devices without making them impossible to recycle is a really big open issue imho.
    I have a drawer full of stuff that i don't know how to best dispose of. ...
    Reply
  • DingusDog
    Why would someone destroy a drive then give it away and/or put it on the market? Makes no sense. Anyways, this kind of waste should be outlawed, we have more than enough e-waste piling up in landfills. How about just formatting the drive then filling it with junk data overwriting any sensitive information. If done properly no previous data can be recovered.
    Reply
  • USAFRet
    DingusDog said:
    Why would someone destroy a drive then give it away and/or put it on the market? Makes no sense. Anyways, this kind of waste should be outlawed, we have more than enough e-waste piling up in landfills. How about just formatting the drive then filling it with junk data overwriting any sensitive information. If done properly no previous data can be recovered.
    Some places and use cases require, by law, physical destruction.
    Reply
  • Lieutenant Barclay
    Maybe the guy knew the data wasn't sensitive but it was company policy so he drilled where he knew they'd still work. Like how many IT guys haven't taken apart a 2.5" SSD in the last 10 years?
    Reply