Investigation reveals accessible personal data on second-hand phones


by Kate Heslop| 07 February 2014

The UK's biggest pawn shops were not permanently deleting phone data, and specialist software can access your personal details through your old phone.

An investigation by Channel 4 News has revealed that two of the UK's most popular pawn shops are selling second-hand phones without deleting the previous owner's data.

CEX and Cash Converters have not been wiping the data from second-hand phones to a sufficient level, meaning that specialist software can still pull personal data from phones.

SensePost, a provider of information security services, worked with Channel 4 News by using software to access data from second-hand phone. It took less than an hour to retrieve personal data about the previous owner.

The data included texts, bank details, photos and internet searches. SensePost were also able to access Facebook accounts.

Chief executive of Cash Converters, David Patrick, told Channel 4 News that standard procedures for deleting data on phones was in place.

"All phones are wiped to a standard level and full factory restores are carried out. It is our understanding that specialist software may still be able to recover certain information stored on the phone, but we do everything in our power to ensure all personal data is removed from the device."

However, the investigation has shown that restoring phones to their factory settings are not enough to wipe the phone's memory completely.

Sven Boddington, vice president of global marketing and client solutions at Teleplan believes that these business need to do more to ensure that personal data is completely wiped, rather than to just a "standard level".

"To say its worrying to find two of the largest pawn shop chains are selling mobile phones with data still on them is an understatement. As consumers, we are becoming increasingly reliant on our mobile devices, from basic communications, social media, to mobile banking and payment transactions, and therefore the data they carry is more and more sensitive.

"Businesses that process mobile devices such as smartphones and tablets for use as second hand products have a responsibility to the sellers, and buyers of these devices to ensure that the proper security procedures are applied so that personal data is thoroughly and permanently destroyed. It's not good enough to delete the personal data to only a "basic standard" or worse still, not at all as there is an obligation to comply with data protection laws."

Since the investigation, both Cash Converters and CEX are investigating new procedures to fully erase second-hand phones to protect the previous owner's personal data.

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

716 people like this.
1528 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.