USED PHONES AND PDAs POSE IDENTITY THEFT RISK

Used smartphones and PDAs are loaded with sensitive personal information ranging from banking records to text messages. These records can be easily retrieved by identity thieves, according to a study by mobile security software provider Trust Digital.

Trust Digital engineers recovered nearly 27,000 pages of personal, corporate, and device data from nine of 10 resold mobile devices purchased online for the project, including a smartphone sold by an employee of a major corporation. The salvaged data included personal banking and tax information, corporate sales activity notes, corporate client records, product roadmaps, contact address books, phone and Web logs, calendar records, personal and business correspondence, computer passwords, user medication information, and other private, competitive or potentially damaging material.

The information was retained in the flash memory of the devices because of users’ failure to perform the advanced hard reset required to delete the data. The nine devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a web services firm, and a corporate counsel of a multi-billion dollar technology company serving the legal market. The tenth device in the test was never used.