Used Devices for Sale Contain Lots of Recoverable PII

Used Devices for Sale Contain Lots of Recoverable PII

Do you think of any leftover personal information when you are disposing of your old device? As it turns out, 40 percent of hard drives, mobile phones and tablets offered for re-sale contain personally identifiable information, analysis by NAID (National Association for Information Destruction) and CPR Tools reveals. To be more specific, NAID commissioned SPR tools to analyze the devices.

The study showed that 40 percent of devices offered for sale in publicly-available resale channels had personally-identifiable information within. Devices previously deployed in commercial and personal environments were included in the analysis.

Related: Which Are The Most Secure Smartphones in 2017

Devices Disclosing PII

Interestingly, tablets are on top of the list of recoverable PII with 50 percent, followed by hard drivers with 44 percent, and finally mobiles phones with 13 percent. This makes to 40 percent of devices revealing PII.

According to John Benkert, CEO at CPR Tools:

As data storage is included in nearly every aspect of technology today, so is the likelihood of unauthorized or unintended access to that data. Auction, resell, and recycling sites have created a convenient revenue stream in used devices; however, the real value is in the data that the public unintentionally leaves behind.

Recoverable PII: What Type Was Successfully Recovered?

Recovered PII included credit card information, contact information, user credentials (usernames and passwords), personal data, company data, tax details, etc.

Robert Johnson, NAID CEO, says that the results of the study are not affecting the reputation of commercial services providing secure data erasure. “We know by the ongoing audits we conduct of NAID Certified service providers that when overwriting is properly done, it is a trustworthy and effect process. The problem lies with service providers who are not qualified and, too often, with businesses and individuals who feel they can do it themselves,” Johnson concluded.

Related: WhatsApp FunXMPP Protocol Analyzed, PII Stored on Servers

Similar studies have been performed in the past, but this one is quite unique due to the recovery process employed to locate the data on more than 250 devices. The process was not sophisticated and it did not require advanced forensic training.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Newsletter
Subscribe to receive regular updates about the state of PC Security and latest threads.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.