Lenovo Security Advisory: LEN-5595
Potential Impact: Drive data may be able to be recovered after running the secure erase utility
Scope of Impact: Lenovo
SanDisk’s firmware used to erase the data on these SSDs did not meet Lenovo’s specifications and it was determined that even after running the ThinkPad Drive Erase Utility for the Resetting the Cryptographic Key and the Erasing the Solid State Drive or executing the Secure Erase function in the BIOS, data on the impacted SanDisk drives may potentially be recoverable under certain conditions. For example, a hacker would need physical possession of a discarded SSD and know how to recover data from it.
To address this issue, SanDisk has provided firmware fixes that Lenovo has made available through the links below.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update the SSD firmware or your system BIOS (see table below).
PLEASE NOTE: SSDs not purchased through Lenovo are not guaranteed to work with these tools.
To determine the model of your disk drive in Microsoft Windows, go to Device Manager by entering the words “Device Manager” in Windows search and expand the arrow next to “Disk drives”.