Second Hand Mobiles Contain Personal Data

By Cpp, PRNE
Monday, March 21, 2011

YORK, England, March 22, 2011 - People are unsuspectingly selling their personal information to complete
strangers as a new report from CPP finds half (54%) of second hand mobile
phones contain extensive personal data.

Second hand mobile phones and SIM cards purchased on eBay and used
electronics shops by life assistance ( company CPP were examined in a
live experiment to see what personal information was available on the
handsets and whether it constituted a threat to their former owners'

The experiment revealed 247 pieces of personal data* that had been
carelessly left on a range of mobile phones and SIM cards. The personal data
included credit and debit card PIN numbers, bank account details, passwords,
phone numbers, company information and log in details to social networking
sites like Facebook and LinkedIn.

In research that supported the experiment, half of second hand mobile
owners said they have found personal information from a previous owner on
mobile phones and SIM cards they have purchased second hand.

Worryingly, the vast majority (81 per cent) of people claim to have wiped
their mobiles before selling them, with six in ten confident they have
removed all of their personal information from them. However, the experiment
revealed that 54 per cent of mobile phones and SIM cards contained sensitive
personal information putting people at unnecessary risk of identity and card
fraud (

The variance could be explained by the fact that most people who claimed
to have 'wiped' their handsets tried to erase the data manually - a process
that security experts acknowledge leaves the data intact and retrievable.

And it seems personal information comes cheap with individuals selling
their old handsets and SIMs for an average price of GBP47.

As people rely heavily on their mobile phones to store personal data such
as email addresses, social networking log in details, banks account details
and even debit and credit card PIN numbers, CPP is calling on people to make
sure they remove all of their personal and financial information from their
mobile phones and undertake adequate security measures to protect themselves
from identity theft (

Mobile data expert from CPP, Danny Harrison said: "This report is a
shocking wake up call and shows how mobile phones can inadvertently cause
people to be careless with their personal data. With the rapid technology
advancements in the smartphone market and new models released by manufactures
multiple times a year, consumers are upgrading their mobiles more than ever
and it is imperative people take personal responsibility to properly manage
their own data.

"If they do sell or recycle them online or even give them to friends and
family, they need to ensure they remove all their personal information
thoroughly and consider the serious consequences of not doing so."

Senior Vice President of CRYPTOCard Jason Hart, who was commissioned by
CPP to carry out the experiment said: "The safest way to remove all of your
data from a mobile phone or SIM card is to totally destroy the SIM and double
check to ensure that all content has been removed from your phone before
disposal. With new technology does come new risks and our experiment found
that newer smartphones have more capabilities to store information and that
information is much easier to recover than on traditional mobiles due to the
increase of applications."

CPP's top tips on wiping your mobile phone of personal information:

1. Restore all factory settings - this is the first step that you should
take as it is the easiest precaution before disposing of the unit, but
factory resets are far from permanent so follow steps 2 - 4 to protect your

2. Remove your SIM card and destroy it

3. Delete back-ups - even if your smartphone, PDA or laptop data is
securely removed from the mobile device, it can continue to exist on a back
up somewhere else

4. Log out and delete- make sure you have logged out of all social
networking sites, emails, wireless connections, company networks and
applications. Once you are logged out make sure you delete the password and

5. Various passwords - avoid using the same ID/password on multiple
systems and storing them on your mobile phone, if you are going to store them
on your phone use a picture that reminds you of the password

6. If you are selling on your phone ensure you ask for it to be wiped to
be on the safe side

7. Don't store vast amounts of personal information on your mobile phone

8. Make sure you check your bank statements regularly to monitor for
suspicious transactions

9. Remember the Golden Rule: Identity thieves are experts at spotting an
opportunity to steal your identity and only need a few personal details

10. If you want more information on how to protect yourself or see how
these experiments worked, please visit CPP's blog (

Notes to editor

247 pieces of data were left on 19 of the 35 mobiles phones and 27 of the
50 SIM cards

All data found on the mobile phones was deleted - either manually or by
using the forensic software to remove and destroy the information. The SIM
cards were destroyed.

Research Methodology

ICM interviewed a random sample of 2011 adults aged 18+ online between 16
- 18 February 2011. Surveys were conducted across the country and the results
have been weighted to the profile of all adults. ICM is a member of the
British Polling Council and abides by its rules. Further information at

A live experiment was also carried out in February 2011. Ethical hacker
Jason Hart was commissioned by CPP to conduct a number of reviews relating to
the data contents of re-sold mobile devices used and SIM cards within the
United Kingdom with the objective of the review being:

- Understand if sensitive information has been left on resold mobile

- Understand what type of information is stored

- To see if information can be recovered from resold mobile devices even
if the mobile device has been deleted by using software freely available on
the internet

- Understand what information can be found on used SIM cards

- To see if it would be possible to use any information found to on a
mobile device and or SIM to conduct any form of identity theft against the
original owner of the device and or SIM.

35 second hand mobile phones and 50 SIM cards were analysed using the
following techniques:

- A mobile phone SIM Reader (a standard SIM reader that can be
purchased from most electric stores)

- SIM recovery software

- Forensic examination software - mobile forensic software
that analysis mobile phones, smartphones and PDAs for data.

Corporate Background Information

The CPPGroup Plc

The CPPGroup Plc (CPP) is an international marketing services business
offering bespoke customer management solutions to multi-sector business
partners designed to enhance their customer revenue, engagement and loyalty,
whilst at the same time reducing cost to deliver improved profitability.

This is underpinned by the delivery of a portfolio of complementary Life
Assistance products, designed to help our mutual customers cope with the
anxieties associated with the challenges and opportunities of everyday life.

Whether our customers have lost their wallets, been a victim of identity
fraud or looking for lifestyle perks, CPP can help remove the hassle from
their lives leaving them free to enjoy life. Globally, our Life Assistance
products and services are designed to simplify the complexities of everyday
living whether these affect personal finances, home, travel, personal data or
future plans. When it really matters, Life Assistance enables people to live
life and worry less.

Established in 1980, CPP has 11 million customers and more than 200
business partners across Europe, North America and Asia and employs 2,300
employees who handle millions of sales and service conversations each year.

In 2010, Group revenue was GBP325.8 million, an increase of more than 12
per cent over the previous year.

In March 2010, CPP debuted on the London Stock Exchange (LSE).

What We Do:

CPP provides a range of assistance products and services that allow our
business partners to forge closer relationships with their customers.

We have a solution for many eventualities, including:

- Insuring our customers' mobile phones against loss, theft and damage

- Protecting the payment cards in our customers' wallets and purses,
should these be lost or stolen

- Providing assistance and protection if a customer's keys are lost or

- Providing advice, insurance and assistance to protect customers against
the insidious crime of identity fraud

- Assisting customers with their travel needs be it an emergency (for
example lost passport), or basic translation service

- Monitoring the credit status of our customers

- Provision of packaged services to business partners' customers

CPP is an award winning organisation:

- Winner in the European Contact Centre Awards, Large Team of the Year
category, 2010

- Finalist in the European Contact Centre Awards, Best Centre for
Customer Service, Large Contact Centre of the Year categories, 2010

- Finalist in the National Sales Awards, Contact Centre Sales Team of the
Year category, 2010

- Finalist in the National Insurance Fraud Awards, Counter Fraud
Initiative of the Year category, 2009

- Finalist in the European Contact Centre Awards, Large Team and Advisor
of the Year categories, 2009

- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100

- Finalists in the National Business Awards, 3i Growth Strategy category,

- Finalist in the National Business Awards, Business of the Year
category, 2007, 2009 and Highly Commended in 2008

- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250

- Regional winner of the National Training Awards, 2007

- Winner of the BITC Health, Work and Well-Being Award, 2007

- Highly Commended in the UK National Customer Service Awards, 2006

- Winner of the Tamworth Community Involvement Award, 2006. Finalist in

- Highly Commended in The Press Best Link Between Business and Education,
2005 and 2006. Winner in 2007

- Finalist in the National Business Awards, Innovation category, 2005

For more information on CPP click on

For more information or to arrange a time for interview with CPP's mobile expert, Danny Harrison, please call Band & Brown Communications: - Sarah Davidson -+44(0)203-451-9405/ +44(0)7731-462451 - Bryony Partridge - +44(0)203-451-9406 / +44(0)7846-004-416

will not be displayed