
E-waste hacking: The unknown data security crisis
Australian businesses, agencies and households face a looming cybersecurity threat. As millions of data breaches hit vulnerable networks, software and people every year, coming over the top is the inherent vulnerability of electronic waste (e-waste) – a physically accessible, weakly-secured bonanza for hackers (that is, if asset disposal is improperly handled).
What is driving the heightened danger? E-waste is the fastest growing waste stream in the world and each Australian produces almost triple the global average of e-waste, much of which ends up in landfill. Technology proliferation, device obsolescence, a consumer-driven environment, new waste streams coming from data centres, AI-enabled bad intentions, and more intermediaries in the data lifecycle are sending e-waste hacking risks through the roof.
Currently, between 10% and 20% of cyber incursions happen when old computer assets are being disposed of. End-of-use devices are a blind spot for businesses and public agencies compared to live on-network devices. There have been significant data breaches in recent years linked to e-waste. A U.S. government decision around April 2025 to remotely wipe hardware of some fired workers (no physical collection of devices) is now under scrutiny due to the risks of improper disposal. Awareness of realised cybersecurity dangers highlights the importance for organisations of robust ITAD processes, data erasure, and having a proper chain of custody for asset management.
E-waste hacking can lead to everything from impersonation, phishing scams and email fraud through to blackmail and cyberattacks – and all of us are at risk. One tech academic highlights that 90% of second-hand laptops, hard drives and memory cards still have recoverable data.
E-waste is already a multimillion-dollar risk for companies due to potential extortion, fines, litigation, pollution, and reputation destruction. There was the early data loss incident at Morgan Stanley (2016-19) involving decommissioning of data centres and loss of customer data that led to over $163 million in penalties and fees. In Australia, the Commonwealth Bank lost financial statements of almost 20 million accounts stored on two misplaced magnetic tapes. Ahead, expect the costs of poor asset disposition to escalate.
As our tech-dependent lifestyle makes AI / technology its platform, accelerated hardware obsolescence – ranging from data centres, servers and IoT devices through to desktops, laptops and smart phones – is a serious security threat as well as a major environmental hazard.
Australia produced 580 million kg of e-waste in 2022. Something as simple as organisations needing to move from Windows 10 to Windows 11 this year has the potential to generate 12 million kilograms of toxic landfill waste in Australia alone. Making matters worse, people avoid recycling electronics through concern that their data, even if deleted, will be stolen.
The best form of e-waste recycling is actually reuse, which demands proper, certified data sanitisation – every year our sustainable tech company processes millions of discarded computers and other e-waste from large companies, government departments and agencies.
Cybersecurity is squarely an issue for the board room now – knowing the 'what,' 'where,' 'how used,' 'how disposed,' and applicable laws around data and devices is a core reputational issue. Directors need to head off unintentional breaches of sensitive information and its exploitation arising from failure to keep track and properly dispose of IT assets.
Any organisation that owns IT assets should have an asset inventory to help keep track of each item in their disposal process, whether it's incinerated, repurposed, or recycled. A safe data destruction audit begins by examining the asset inventory to check for any remarketing, relocation, or donation items. The IT Department can confirm that no other IT assets are included in the inventory.
ITAD includes the processes of reusing, recycling, repurposing, repairing, or disposing of unwanted IT equipment. Businesses and governments can avoid legacy IT assets coming back to haunt them by maintaining rigorous data protection and environmental compliance.
Not doing proper risk analysis and due diligence to secure a certified, proven and trusted ITAD partner is potentially catastrophic. Starter questions that businesses should ask their prospective partner include:
- What is the range of your services, from gathering and sorting to removing, refurbishing, reselling, and recycling? Will they meet our compliance mandates?
- Does your organisation have certifications to show that you follow industry standards for best practices in recycling and reusing electronics?
- Do you provide us with a secure chain-of-custody for asset management, allowing us to track our assets from the time of collection until they are disposed of? Is compliance assured through an audit trail? How do you report / certify / support us?
- How does your organisation erase data and what guarantees do you provide? For example, Greenbox assures its customers of security through being a platinum ITAD partner for Blancco (Data Erasure Software) and DISP (Defence Industry Security Program) certified.
- Does your organisation erase all the data in our IT equipment, providing us with data erasure certification? If the data isn't erased through data erasure software (the most secure data sanitisation technique), do you destroy the storage devices?
- Are your facilities R2v3 (responsible recycling) certified? Do you ensure nothing goes into landfill and zero carbon is emitted into the environment, and give us a carbon emission certificate?