PINs, bank and card data left on second-hand mobiles

Mobile phone sellers accidentally pass on personal data in used devices...

By Shelley Portet, 22 March 2011 16:57


Second-hand mobile phones often contain personal data, despite the attempts of owners to wipe devices before selling them on, according to data-protection company CPP.

Just over half of second-hand mobiles and SIM cards sold online, some 54 per cent, contain sensitive personal data, a study commissioned by CPP found.

Second-hand mobile sellers risk passing on personal data

The fast-moving smartphone market encourages people to upgrade and sell on their old mobiles, increasing the risk of passing on personal dataPhoto: Shutterstock

Information retrieved from second-hand mobiles and SIM cards included credit- and debit-card details, PINs, bank-account details, passwords, phone numbers, company information and logins to social-networking sites such as Facebook and Twitter.

Private data is being passed on even though 81 per cent of people surveyed said they had wiped their mobile before selling it.

According to the report, most people who thought they had wiped their handsets tried to erase the data manually, which can often leave information intact and retrievable.

Jason Hart, senior vice president of CryptoCard, who carried out the research for CPP, said in a statement that mobiles are becoming harder for users to wipe clean.

"With new technology comes new risks, and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications.

"The safest way to remove all your data from a mobile or SIM card is to destroy the SIM," Hart said.

Last year the Home Office acknowledged the threat of lost and stolen mobile phones becoming a vehicle for identity fraud and announced support for products that helped protect mobile data.

The unwitting sale of personal information is becoming more common as more mobile devices flood the market, according to CPP mobile-data expert Danny Harrison: "With the rapid technology advancements in the smartphone market and new models released by manufacturers multiple times a year, consumers are upgrading their mobiles more than ever."

Harrison added that individuals need to take the threat of passing on personal information seriously.

"If they do sell or recycle [mobile phones] online or even give them to friends and family, they need to ensure they remove all their personal information and consider the serious consequences of not doing so."


There are 2 comments. Join the discussion

  1. 1. mesername

    "The safest way to remove all your data from a mobile or SIM card is to destroy the SIM," Hart said.

    That's all very well, but doesn't it only address the data on the SIM, the 2nd part of the requirement ?

    Is Hart fighting shy of suggesting destroying the Mobile , or just leaving one to infer such an impalatable option if one can - assimilate it.

    The SIM Memory is typically very limited in comparison to the multiple GBs requires for smartphone applications.

    Like a PC , only a Disk format renders data not vreadily accessible, though physical destruction of the storage medium (be that SIM or Phone) is the only sure way, n'est ce pas ?

    • 23 March 2011 11:30
    • Add comment
  2. 2. itwhiz

    Not only is bank data available, a friend of mine purchased a 2nd hand phone a few years back and it still had the memory card in from the previous owner. There were several pictures on the memory card that wouldn't of looked out of place in a top shelf men's magazine.

    Destroying the SIM - what if you remove your SIM to use in your new phone !! Some phones allow you to save to memory or SIM so again destroying the SIM will have no affect. You have got to clear the memory of the phone.

    On a PC, formatting the disk does not destroy all the data, it is still accessible with the correct software, you need a disk eraser, which physically 'NULLS' every storage location on the disk.

    One way to clear a phones memory of sensitive data is to

    1) Switch it to save to memory- remove any memory card thus making the phone use it's internal memory
    2) Save some rubbish data to multiple files in memory until it is full.
    3) Reset to factory defaults.

    Then if somebody does look at the phone memory all they will find is rubbish.

    • 25 March 2011 12:10
    • Add comment

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Keep in touch with newsletters