Office Watch dug into Outlook after yesterday’s story about passport details of the G20 Leaders being leaked accidentally.
It’s quite possible that there’s a copy of the G20 leaders passport info still on a computer in the Asian Cup Local Organising Committee’s offices, based on the information provided in the Immigration Departments report. The organization that received the passport details appears to have made an honest effort to remove the mistakenly received message. The Committee did all the right things:
“Subsequently, on the same day, the Asian Cup Local Organising Committee advised in writing
that <redacted> had emptied his deleted items folder and:
The retention period on – deleted items was set to 0 to purge the item completely;
There is no record of it be forwarded; and
The email was not copied to a backup as these only run overnight.
The Asian Cup Local Organising committee do not believe the email to be accessible, recoverable or stored anywhere else in their systems.“
But that didn’t allow for Outlook not truly deleting the message at all, despite using the word ‘permanently’.
“… emptied his deleted items” merely marks the space as available for possible reuse, it doesn’t delete it all.
Freely available tools from the Internet can open an Outlook PST data file and view the ‘permanently deleted’ information.
It seems neither the Committee nor the Immigration Department’s IT people realize this.
A similar situation applies at the Exchange Server level on the organizations server. While the message may have been ‘deleted’ from the Exchange Server database, that doesn’t mean the details have been erased or wiped.
A detailed look at the Exchange Server database may well reveal the ‘deleted’ message sitting there. Just like Outlook, it would be marked as ‘deleted’ but not really gone.