A recent experiment by life assistance company CPP reveals many people are leaving personal details on their mobile phone or SIM card, leaving them more vulnerable to identity fraud when they sell them on.

1. ®
Do you store personal data
on your mobile phone?
If you do then you could be putting yourself at risk of identity fraud, especially
if you sell or dispose of your mobile phone without completely wiping personal
data. In our live experiment we examined 35 second hand mobile phones
and 50 SIM cards purchased on eBay as well as used electronics shops, to see
what personal information was available on the handsets and whether it
constituted a threat to their former owners’ identities.
Key findings
Key
findings
54% of second hand mobile phones contained personal data
including credit/debit card numbers, PIN numbers and passwords
54%
®
The experiment revealed 247 pieces of personal information
despite the vast majority of people (81%) claiming to have
wiped their mobile or SIM card before selling them 81%
Half of second hand mobile phone owners
admitted they have found personal 50%
information from a previous owner
58 per cent have sold or given away an
old mobile phone or SIM card with the
58%
average resale price of £47
Manually wiping the data was the most common method to delete information
- a process that security experts acknowledge leaves the data intact and retrievable

2. ®
On the mobile phones and SIM cards we reviewed we
found the following data:
Passwords Contacts
Usernames Credit Cards Numbers
SMS Bank Details Video
Photos Email Address
Notes Company Information
CPP’s top tips on wiping your mobile phone of personal information:
Restore all factory settings – this is the first step that you should take as it is the easiest precaution before disposing of
the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data
Remove your SIM card and destroy it
Delete back-ups - even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to
exist on a back up somewhere else
Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company
networks and applications. Once you are logged out make sure you delete the password and connection
Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you
are going to store them on your phone use a picture that reminds you of the password
If you are selling on your phone ensure you ask for it to be wiped to be on the safe side
Don’t store vast amounts of personal information on your mobile phone / SIM
Make sure you check your bank statements regularly to monitor for suspicious transactions
Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few
personal details
If you want more information on how to protect yourself or see how these experiments worked, please visit CPP’s blog
http://blog.cpp.co.uk/
ICM interviewed a random sample of 2011 adults aged 18+ online between 16 – 18 February 2011. Surveys were conducted across the country and the results have been
weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further formation at www.icmresearch.co.uk. A live experiment
was also carried out in February 2011. Ethical hacker Jason Hart was commissioned by CPP to conduct a number of reviews relating to the data contents of re-sold mobile
devices used and SIM cards within the United Kingdom. 35 second hand mobile phones and 50 SIM cards were analysed during the live experiment. All data found on
mobile phones was deleted - either manually or by using the forensic software to remove and destroy the information. The SIM cards were destoyed.