Custom Search

March 31, 2011

Interesting experiment regarding what personal data is left on discarded or sold cell phones

An interesting experiment conducted by a company called CPP regarding second hand cell phones to determine what treasure troves of personal identifiers an identity thief would find.  The results of the experiment were disheartening (well, except maybe for me - I call the results "job security".  :)

"Life assistance company CPP purchased second hand mobile phones and SIM cards through Ebay and used electronic shops. The experiment examined what personal data was available on the mobile handsets purchased and whether this information could be used to commit identity fraud.

Alarmingly the experiment revealed 247 pieces of personal data were left on a range of mobile phones and SIM cards, leaving previous owners open to the risk of identity theft. Information found included:

• Credit and debit card PIN numbers

• Bank account details

• Passwords

• Phone numbers

• Company information

• Log in details to social networking sites, such as Facebook and LinkedIn.

The experiment also revealed 81% of those questioned claim to have wiped their mobile phone before selling on and that six out of ten people were confident that all their personal details have been removed. However 54% of mobiles and SIM cards were found to contain sensitive information, unknowingly putting people at risk of identity theft.

The life assistance company's findings were supported by data that found 50% of second hand mobile phone owners said they had found personal data when they had purchased second hand mobile phones or SIM cards.

Most people claim to have wiped their mobile handsets manually, which security experts acknowledge leaves information intact and retrievable and therefore at risk of id fraud.

Mobile data expert from CPP, Danny Harrison said: "This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data and put them as risk of identity fraud.

"With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data."

Danny continues, "If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so, such as being a victim of id theft."

Jason Hart, Senior Vice President of CRYPTOCard who was commissioned by CPP to carry out the experiment said, "The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications."

CPP's top tips on wiping your mobile phone of personal information to prevent identity theft:

1. Restore all factory settings - this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 - 4 to protect your data

2. Remove your SIM card and destroy it

3. Delete back-ups - even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else

4. Log out and delete- make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications. Once you are logged out make sure you delete the password and connection

5. Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password

6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side

7. Don't store vast amounts of personal information on your mobile phone / SIM

8. Make sure you check your bank statements regularly to monitor for suspicious transactions

9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details

10. If you want more information on how to protect yourself from id fraud or see how these experiments worked, please visit CPP's blog"
Cell phones are the only electronic items that you need to wipe clean before discarding.  You should do the same with any electronic device - PDAs, computers, even copying machines these days store information.  Today's copiers, for instance, don't copy, they scan and print.  The documents they scan stay on their memory, whether its a hard drive or some other type of storage device.  People who buy used copiers potentially have access to thousands of pages of previously copied documents.  Scary, huh?

The whole article can be found at

March 30, 2011

Tips for avoiding Identity Theft when shopping online

Here are some tips from regarding how to avoid identity theft when shopping online.  I especially agree with tip # 2 - why risk your money when you can risk the credit card company's?!

1. Keep your internet security up-to-date

Updating your internet security, keeping your operating system and browser updated and securing your internet connection can all help to greatly minimise the possibility of a security breach. It is also important to regularly run anti-virus software.

2. Use a credit card over a debit card

Where possible use your credit card instead of a debit card for online purchases. This is important for two reasons. Firstly, if you do become a victim of online fraud and your personal information is stolen, the worse they can do is run up charges on your card. With a debit card this would mean they could drain your bank account. Credit cards are usually easier to dispute fraudulent charges over debit cards and also offer you an extra layer of security.

3. Use secure shopping sites

Always make sure that you use a secure site when submitting information like your credit card details online. Secured websites can be distinguished from unsecure sites in two ways. They use something called SSL and are usually identified by the display of a padlock or other icon in the address bar. The URL of secure starts should also start with https. Secure sites ensure that your personal information is encrypted as it travels across the web. If you are ever unsure, do not use it.

4. Be vigilant

Check your bank statements every month. Research shows that identity thieves often do a test charge to see the card works or not and may not take a lot of money out until months later. By monitoring your account regularly you can notice any suspicious account early and take action before more damage can be done.

March 27, 2011

Where Have I Been?

You may be wondering about the lack of posts recently.  Just so happens that I had several trials scheduled one every other week for the past several weeks.  I got trial ready for three of them, only to have two settle and one get postponed at the last minute.  The other did go to trial and resulted in a $250,000 verdict for my client.

The case involved injuries that my client suffered when she slipped and fell at the buffet in the Gold Strike Casino.  The proof at trial showed that the Gold Strike Casino's drink machine (which the "brass" at Gold Strike claimed did not exist, despite my client, her husband, her son and an honest Gold Strike employee all testified was there) was leaking and had been leaking for some time.  Apparently, the drink machine had leaked earlier in the day, resulting in Gold Strike employees cleaning up the water from the buffet's tile floor.  The employees, however, did not fix the leak, which resulted in additional water leaking onto the buffet floor.  My client's husband and son, who entered the buffet line about 20 minutes before my client, saw the water on the floor.

When my client returned from the restroom, she went directly to the buffet line, slipped in the water and broke her right elbow.  The injuries suffered by my client were severe, resulting in a permanent range of motion loss of 10 degrees.  Ten degrees may not sound like much, but it keeps her from doing various activities of daily living and will for the rest of her life.

While I asked for nearly twice as much as what the jury eventually awarded my client, Gold Strike thinks the verdict is completely unfair.  Crazy, I know, but that's what they think.  In my opinion and in the opinion of everyone I have told about the verdict, it is completely fair and deserved by my client.  Gold Strike needs to get over it and realize that, unlike the gamblers in its casinos, my client got a fair shake and won.  Justice prevailed.

I still have another trial in a couple of weeks and Gold Strike's post trial motions to respond to, but hopefully I will have more time to post in the near future.