This year, not too long ago, Stellar Data Recovery held a lab investigation of second hand devices to see what kind of “residual data” was left on these devices and poses a threat to hacking or identity theft. Residual data is any type of data that has been forgotten and unintentionally left behind on a digital device even after you’ve already disposed of the device. Data is growing at a phenomenal pace and is only expected to be even greater as the years go by. With all that, you can imagine that managing the security of these devices as well as the data stored on them is the key challenge in the data privacy department. A large number of individuals are selling, exchanging, returning, recycling their devices without a clue as to where and what information can still be accessed, therefore posing a threat to their own privacy.
In this Second Hand Device Study, Stellar Data analyzed 311 used devices varying from cellphones, memory cards, and hard drives which were obtained from businesses, resellers, and directly from individuals themselves. The purpose of this whole thing was to test and determine how much residual data is left on used devices. Of course, the information findings were completely anonymized and placed into larger and broader categories for analyzation. The results showed that 7 out of 10 used devices contained residual data, which means the owners of those devices and their PII and personal data are put at risk. They are vulnerable to data leakages and privacy threats.
There was a large variety of sensitive information found on the three types of devices, these were the stats found:
- Hard Drives: 46% of the total hard drives contained personal videos, photos, ID’s, income tax records, banking details, login credentials, and driver’s licenses, etc.
- Cellphones: 60% of mobile phones contained old contacts, call recordings, photos, and baking information
- Memory cards: 98% of memory cards contained visa information, passport copies, and personal photos.
A breach of residual data poses a large amount of risk to organizations as well as the individuals themselves. We don’t want you to become a victim of identity theft. Don’t let people steal all your fundamental information that can make or break you. This study found that there is a general lack of awareness about residual data and about the right steps towards getting rid of the data before getting rid of the actual device. When working with a NAID certified company like Guardian, a company that follows all the protocols, reduces the risk of a security breach. What we need to do is spread awareness and create and follow safety practices to help keep our data safe. As the awareness increases hopefully the sheer number of breaches decreases.