Blog article
See all stories »

Recycled, Lost, Stolen Phones, Equal Identity Theft

If I had a choice to give up my car or my mobile phone, I'd keep the phone. My mobile is a weapon of success. When the media or a client needs me (or someone like me) I'm right there trumping the competition. Calls received immediately or retuned in 2 minutes wherever I am in the world.

Millions of cell phones are sold every year. Many are lost, stolen, millions more end up on eBay, recycled or tossed in the trash. Many of these phones still have enough data on them to commit identity theft or, in the wrong hands, make your life miserable.

A study done in December by Regenersis, a UK based recycler, tested a sampling of 2000 cell phones. They learned 99% had personal identifying data such as banking info, credit card data, personal emails, contacts, text messages, pictures, music, videos, calendar entries, notes, mailing lists, to-do lists, automatic log-ins for Twitter, LinkedIn, Facebook and more.

Studies show cell phones are replaced on average of every 18 months. Over the past 4-5 years Blackberrys, iPhones and countless other smartphone/PDAs have flooded the market. All of these devices technologies are upgraded within 6 months and the user wants the latest and greatest.

What kind if data is on your phone today? If it fell in the wrong hands would someone have access to all your social network sites? Usernames and passwords? Customer data? Corporate secrets?

Someone recently bought a Blackberry off eBay and scored phone numbers for Hollywood producers, writers and movie stars Natalie Portman, Julianne Moore and Jude Law. Not a huge deal, but in the wrong hands problematic for the affected.

What if someone got the names, addresses and emails for everyone in your life? Not good.

Its not just cell phones that often contain data. Thumbdrives, MP3 players, are also problematic. Credant Technologies surveyed 500 dry cleaners who said they found numerous USB sticks during the course of a year. Multiplying that by the number of dry cleaners and got a figure of approximately 9000 USBs lost and found annually.

To protect yourself, consider some of the tips below, and this is not a complete list. Please feel free to add in comments.

Use IronKey thumdrives

Don’t store data that will be considered a “data breach” if lost, stolen, sold, recycled.

On phones have strong password protection. Lock it up.

Remove your sim card upon selling.

Reformat the phones operating system multiple times. This generally wipes off the data, but there are programs that do it more thoroughly. There is no universal way to reformat. It is different with every phone/manufacturer/operating system.

Robert Siciliano Identity Theft Expert discussing cell phone security Here

 

3995

Comments: (1)

A Finextra member
A Finextra member 24 February, 2009, 14:53Be the first to give this comment the thumbs up 0 likes

The Telcos could easily reduce mobile phone theft by refusing to connect stolen phones. Of course for Telcos every stolen phone equals selling a new phone to the poor victim, and whoever gets the stolen one will want to connect it. It is not something Telcos are going to stop in a hurry, the profit motive and the Telcos complete lack of ethics make it a certainty.

Locking a phone or most other user do-able actions probably won't stop who-ever steals it from recovering your data, but perhaps mobile manufacturers might provide a built-in easy means to wipe your data when required, such as before you sell it.

If you are really security concious we can anonymise your phone so that none of the entries will be of any use to a thief or subsequent buyer (or government spy).

Most of the issues with phones can be solved easily. As for my phone, I'd imagine the average thief would be very afraid to call most of the numbers in it.

Using a phone for emails is fine so long as it is browser based email, at worst you might have a few recent messages recoverable.

If you use online or mobile accessible services like banking then you are really foolish if your provider's system requires your personal or identity data to be available on the phone. You should demand more from your bank or switch, otherwise it is bound to end in tears.

On the identity front, all those precautions would be unnecessary if the service providers, including banks, had any real clue about security. It is obvious that they don't.

ID theft wouldn't be nearly so much of a problem if the FI's didn't make it so easy to impersonate their customers (and chief executives).

Perhaps now that governments are major shareholders in so many banks the governments may make a move to redress the poor performance of banks on the security and identity front. Governments require reliable identity systems too.

ID theft can easily be prevented. The whole issue is ridiculous.