Custom Search

March 31, 2011

Interesting experiment regarding what personal data is left on discarded or sold cell phones

An interesting experiment conducted by a company called CPP regarding second hand cell phones to determine what treasure troves of personal identifiers an identity thief would find.  The results of the experiment were disheartening (well, except maybe for me - I call the results "job security".  :)

"Life assistance company CPP purchased second hand mobile phones and SIM cards through Ebay and used electronic shops. The experiment examined what personal data was available on the mobile handsets purchased and whether this information could be used to commit identity fraud.

Alarmingly the experiment revealed 247 pieces of personal data were left on a range of mobile phones and SIM cards, leaving previous owners open to the risk of identity theft. Information found included:

• Credit and debit card PIN numbers

• Bank account details

• Passwords

• Phone numbers

• Company information

• Log in details to social networking sites, such as Facebook and LinkedIn.

The experiment also revealed 81% of those questioned claim to have wiped their mobile phone before selling on and that six out of ten people were confident that all their personal details have been removed. However 54% of mobiles and SIM cards were found to contain sensitive information, unknowingly putting people at risk of identity theft.

The life assistance company's findings were supported by data that found 50% of second hand mobile phone owners said they had found personal data when they had purchased second hand mobile phones or SIM cards.

Most people claim to have wiped their mobile handsets manually, which security experts acknowledge leaves information intact and retrievable and therefore at risk of id fraud.

Mobile data expert from CPP, Danny Harrison said: "This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data and put them as risk of identity fraud.

"With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data."

Danny continues, "If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so, such as being a victim of id theft."

Jason Hart, Senior Vice President of CRYPTOCard who was commissioned by CPP to carry out the experiment said, "The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications."

CPP's top tips on wiping your mobile phone of personal information to prevent identity theft:

1. Restore all factory settings - this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 - 4 to protect your data

2. Remove your SIM card and destroy it

3. Delete back-ups - even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else

4. Log out and delete- make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications. Once you are logged out make sure you delete the password and connection

5. Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password

6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side

7. Don't store vast amounts of personal information on your mobile phone / SIM

8. Make sure you check your bank statements regularly to monitor for suspicious transactions

9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details

10. If you want more information on how to protect yourself from id fraud or see how these experiments worked, please visit CPP's blog"
Cell phones are the only electronic items that you need to wipe clean before discarding.  You should do the same with any electronic device - PDAs, computers, even copying machines these days store information.  Today's copiers, for instance, don't copy, they scan and print.  The documents they scan stay on their memory, whether its a hard drive or some other type of storage device.  People who buy used copiers potentially have access to thousands of pages of previously copied documents.  Scary, huh?

The whole article can be found at


  1. People don't think when it comes to personal information. I love modern tech but not to use with my personal info like a cell phone. Very imformative post.

  2. Bronzi, thanks. That's one of my goals, to make people think about their personal information before its too late to do something about it. Thanks for reading (and commenting)!

  3. I am surprised that you did not mention iPads , as most contain cards as well.

  4. You are correct that iPads do contain SIM cards, a fact I did not know until about a month ago when I replaced a damaged iPad at an Apple store. They are very discreetly hidden (the SIM cards, not the Apple stores) and I had never noticed the one on my iPad. Thanks for pointing out this fact.