Besides the obvious risk posed by an old 3.5 inch hard drive, there are several easy to miss ways that retired computers can leak sensitive information. These mistakes can expose intellectual property, customer records, or employee data to the public, or worse, to competitors. The resulting spear phishing attacks or social engineering campaigns can cause far more damage than a simple data breach headline.

For context, part of my home lab consists of refurbished Dell small form factor systems. They are inexpensive, compact, quiet, and more than powerful enough for most workloads while generating very little heat. One reason they are so affordable is that I often buy non working units as scrap and combine the functioning parts.

Out of the box, many of these systems come with only 4 GB of RAM and a standard hard drive, which limits their usefulness for modern Windows installations. With Linux, additional memory, and SSD RAID 1 storage, however, they perform extremely well.

During one teardown, this particular system revealed something interesting. Despite being labeled as scrap, it still contained recoverable data.

For full transparency, the “Scrap” note visible in the photo came from another machine, but the data exposure itself was real and representative of one of the common mistakes organizations make when disposing of hardware.

So here is the question for my LinkedIn colleagues and fellow technologists:

Before recycling or disposing of a system like this, what other three locations should always be checked to ensure no sensitive data remains?

Here are a few hints: