The drives were bought from the UK, America, Germany, France and Australia through computer auctions, computer fairs and eBay.
The exercise was carried out by BT's Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US.
A spokesman for BT said they found 34% of the hard disks scrutinised contained "information of either personal data that could be identified to an individual or commercial data identifying a company or organisation."
The researchers concluded that a "surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey."
Perhaps most surprising was the discovery of a disk bought on eBay that revealed details of test launch procedures for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system, used to shoot down Scud missiles in Iraq.
The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin - who designed and built the system.