Majority of Used Mobile Devices Contain Personal Data

Wednesday, March 23, 2011



A recent study carried out in the U.K. by security firm CPP found that fifty-four percent of second-hand mobile devices still contained large amounts of personal data from the previous owner.

This is in spite of the fact that eighty-six percent of consumers surveyed indicate that they made efforts to erase all personal data from their mobile units before selling or recycling them.

Of those who attempted to erase their personal data, six out of ten were confident they had successfully done so.

CPP purchased second-hand mobile devices from a number of locations, including eBay and used electronics outlets.

The researchers found the devices contained passwords, bank account information, contact lists, credit and debit card PIN numbers, and login credentials for social networking sites, leaving previous owners susceptible to identity theft and fraud.

“This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data. With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data," said CPP mobile data expert Danny Harrison.

CPP’s offers the following advice to ensure proper destruction of personal data on used mobile devices::

  • Restore all factory settings – this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data
  • Remove your SIM card and destroy it  
  • Delete back-ups -  even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else
  • Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications.  Once you are logged out make sure you delete the password and connection
  • Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password
  • If you are selling on your phone ensure you ask for it to be wiped to be on the safe side
  • Don’t store vast amounts of personal information on your mobile phone / SIM
  • Make sure you check your bank statements regularly to monitor for suspicious transactions
  • Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details
  • If you want more information on how to protect yourself or see how these experiments worked
Possibly Related Articles:
PDAs/Smart Phones
Identity Theft Privacy data destruction Mobile Phones Research Mobile Devices Headlines
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.