Second Hand Mobiles Contain Personal Data

YORK, England, March 22, 2011 /PRNewswire/ -- People are unsuspectingly selling their personal information to complete strangers as a new report from CPP finds half (54%) of second hand mobile phones contain extensive personal data.

Second hand mobile phones and SIM cards purchased on eBay and used electronics shops by life assistance company CPP were examined in a live experiment to see what personal information was available on the handsets and whether it constituted a threat to their former owners' identities.

The experiment revealed 247 pieces of personal data* that had been carelessly left on a range of mobile phones and SIM cards. The personal data included credit and debit card PIN numbers, bank account details, passwords, phone numbers, company information and log in details to social networking sites like Facebook and LinkedIn.  

In research that supported the experiment, half of second hand mobile owners said they have found personal information from a previous owner on mobile phones and SIM cards they have purchased second hand. 

Worryingly, the vast majority (81 per cent) of people claim to have wiped their mobiles before selling them, with six in ten confident they have removed all of their personal information from them.  However, the experiment revealed that 54 per cent of mobile phones and SIM cards contained sensitive personal information putting people at unnecessary risk of identity and card fraud.

The variance could be explained by the fact that most people who claimed to have 'wiped' their handsets tried to erase the data manually – a process that security experts acknowledge leaves the data intact and retrievable.

And it seems personal information comes cheap with individuals selling their old handsets and SIMs for an average price of 47 pounds Sterling.

As people rely heavily on their mobile phones to store personal data such as e-mail addresses, social networking log in details, banks account details and even debit and credit card PIN numbers, CPP is calling on people to make sure they remove all of their personal and financial information from their mobile phones and undertake adequate security measures to protect themselves from identity theft.

Mobile data expert from CPP, Danny Harrison said: "This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data.  With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data.

"If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so."

Senior Vice President of CRYPTOCard Jason Hart, who was commissioned by CPP to carry out the experiment said: "The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications."

CPP's top tips on wiping your mobile phone of personal information:

1. Restore all factory settings – this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data
2. Remove your SIM card and destroy it  
3. Delete back-ups -  even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else
4. Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications.  Once you are logged out make sure you delete the password and connection
5. Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password
6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side
7. Don't store vast amounts of personal information on your mobile phone / SIM
8. Make sure you check your bank statements regularly to monitor for suspicious transactions
9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details
10. If you want more information on how to protect yourself or see how these experiments worked, please visit CPP's blog

Notes to editor

247 pieces of data were left on 19 of the 35 mobiles phones and 27 of the 50 SIM cards

All data found on the mobile phones was deleted – either manually or by using the forensic software to remove and destroy the information. The SIM cards were destroyed.

Research Methodology

ICM interviewed a random sample of 2011 adults aged 18+ online between 16 – 18 February 2011.  Surveys were conducted across the country and the results have been weighted to the profile of all adults.  ICM is a member of the British Polling Council and abides by its rules.  Further information at www.icmresearch.co.uk    

A live experiment was also carried out in February 2011.  Ethical hacker Jason Hart was commissioned by CPP to conduct a number of reviews relating to the data contents of re-sold mobile devices used and SIM cards within the United Kingdom with the objective of the review being:

• Understand if sensitive information has been left on resold  mobile devices
• Understand what type of information is stored
• To see if information can be recovered from resold mobile devices even if the mobile device has been deleted by using software freely available on the internet
• Understand what information can be found on used SIM cards
• To see if it would be possible to use any information found to on a mobile device and or SIM to conduct any form of identity theft against the original owner of the device and or SIM.

35 second hand mobile phones and 50 SIM cards were analysed using the following techniques:

• A mobile phone SIM Reader (a standard SIM reader that can be purchased from most electric stores)
• SIM recovery software
• Forensic examination software - mobile forensic software that analysis mobile phones, smartphones and PDAs for data.

Corporate Background Information

The CPPGroup Plc

The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability.  

This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.

Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.

Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.

In 2010, Group revenue was 325.8 million pounds Sterling, an increase of more than 12 per cent over the previous year.

In March 2010, CPP debuted on the London Stock Exchange (LSE).

What We Do:

CPP provides a range of assistance products and services that allow our business partners to forge closer relationships with their customers.

We have a solution for many eventualities, including:

• Insuring our customers' mobile phones against loss, theft and damage
• Protecting the payment cards in our customers' wallets and purses, should these be lost or stolen
• Providing assistance and protection if a customer's keys are lost or stolen
• Providing advice, insurance and assistance to protect customers against the insidious crime of identity fraud
• Assisting customers with their travel needs be it an emergency (for example lost passport), or basic translation service
• Monitoring the credit status of our customers
• Provision of packaged services to business partners' customers

CPP is an award winning organisation:

• Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
• Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
• Finalist in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
• Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
• Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
• Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
• Finalists in the National Business Awards, 3i Growth Strategy category, 2008
• Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
• Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
• Regional winner of the National Training Awards, 2007
• Winner of the BITC Health, Work and Well-Being Award, 2007
• Highly Commended in the UK National Customer Service Awards, 2006
• Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
• Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007
• Finalist in the National Business Awards, Innovation category, 2005

For more information on CPP click on www.cppgroupplc.com

SOURCE CPP