New Report: Over 40% of Google Drive Files Contain Sensitive Info

Written by

A recent report has revealed that 40.2% of files stored on Google Drive contain sensitive data.

The findings come from the latest research from data security firm Metomic, which analyzed roughly 6.5 million Google Drive files.

The report, published on Wednesday, also suggested that 34.2% of the scrutinized files were shared with external contacts outside the company’s domain. Equally concerning was the revelation that over 350,000 files (0.5%) were publicly accessible, allowing unrestricted entry to anyone possessing the document link. 

Among the files flagged for sensitive information, such as employee contracts and password-laden spreadsheets, 18,000 were categorized as “Critical Level” due to highly sensitive data or insecure file permissions.

Read more on Google Workspace Security: DeleFriend Weakness Puts Google Workspace Security at Risk

The report also mentions that as the frequency of data breaches continues to rise, it becomes crucial for organizations to gain comprehensive visibility into SaaS ecosystems, particularly Google Workspace apps. This challenge is underscored by the extensive use of the platform, serving over 3 billion users.

“With so many businesses leveraging Google Docs, Google Sheets and Google Slides [...] it’s mind-boggling to think of how much sensitive data is accessible to people outside of an organization and how blind most security teams and business leaders are to this,” said Metomic CEO, Rich Vibert. 

“Our Google Scanner Report puts a spotlight on the amount of vulnerable data living in Google Drives around the world, underscoring just how critical it is that businesses know what data is being stored, where it is stored and who has access to it.”

According to the executive, the optimal approach to thwarting a data breach involves securing the company’s vulnerable data, thus preventing it from falling into the wrong hands.

“Metomic’s Google Scanner Report makes clear how big of a challenge this is for IT and security teams who are struggling to strike a balance between protecting their company’s reputation and ensuring employees have access to effective SaaS tools that drive collaboration and productivity across the business.”

Image credit: Diego Thomazini /

What’s hot on Infosecurity Magazine?