CPR Tools Analysis Reveals Resale Channels As Source for Unwiped PII

According to the latest research from CPR-Tools, 40% of hard drives, mobile devices and tablets sold on the re-use markets contain personally identifiable information (PII).  The Ft. Meyers, FL-based data recovery and security firm used downloadable shareware to recover PII on 250 randomly selected storage devices. The company used unsophisticated methods to recover the data and notes that no forensic training was required to access the information.

In the course of the analysis CPR-Tools recovered credit card information, contact information, usernames and passwords, company and personal data, tax details, and more.

Mobile phones gave up about 13% recoverable data, while tablets topped the list at 50%. PII was also located on 44% of the hard drives.. The devices involved in the study were “working” units that had been previously used in both commercial and personal environments.

“As data storage is included in nearly every aspect of technology today, so is the likelihood of unauthorized or unintended access to that data. Auction, resell, and recycling sites have created a convenient revenue stream in used devices; however, the real value is in the data that the public unintentionally leaves behind,” said John Benkert, CEO at CPR Tools.

CPRTools is a key technology partner for DestructData and the developer of the Validator drive erasure verification tool.