Used devices are a treasure trove of personally identifiable information
40 percent of hard drives, mobile phones and tablets resold in publicly-available resale channels contain personally identifiable information (PII), according to an analysis by CPR Tools.
While there have been similar studies over the past decade, the recovery process used to locate the data on more than 250 devices for this study was, by design, not sophisticated nor was forensic training required. All methods leveraged downloadable shareware.
PII recovered included credit card information, contact information, usernames and passwords, company and personal data, tax details, and more.
While mobile phones had less recoverable PII at 13%, tablets were disturbingly found with the highest amount at 50%. PII was also found on 44% of hard drives. In total, 40% of the devices yielded PII. The study included devices that had been previously deployed in both commercial and personal environments.
The current state of electronic storage has made it possible for nearly every adult to carry a form of data storage device. “As data storage is included in nearly every aspect of technology today, so is the likelihood of unauthorized or unintended access to that data. Auction, resell, and recycling sites have created a convenient revenue stream in used devices; however, the real value is in the data that the public unintentionally leaves behind,” said John Benkert, CEO at CPR Tools.