cyber attack
The economic loss from a massive global cyber-attack could be on par with the cost incurred by Hurricane Katrina in 2005.Creative Commons

You deleted your memory card's data and thought you're ready to sell it to another user. You might want to reconsider your decision.

A group of researchers from the University of Hertfordshire in the United Kingdom has revealed that memory cards could still contain remnants of personal data even after deleting them. In fact, 36 out of 100 second-hand memory cards they bought from online store eBay, hand-me-down shops, and other sources have tested positive.

Meanwhile, 29 of them have been formatted but data is easily recoverable and 2 cards had their data deleted but also easily recoverable. Only 25 were properly formatted while 4 were not broken and another 4 had no data.

The researchers were able to recover selfies, personal documents, and even intimate photos from the subject storage devices, usually taken from smartphones, cameras, drones, and SatNav systems. Documents range from passport copies, resumes, contact lists, navigation files, browsing history, identification numbers, and more.

SanDisk Memory Card With Adapter
Representational picture

According to, the company who commissioned this research, it's not sufficient to just delete the contents of memory cards.

"Often the problem is not that people don't wipe their SD cards; it's that they don't do it properly. Simply deleting a file from a device only removes the reference that points to where a computer could find that file in the card memory. It doesn't actually delete the ones and zeros that make up the file," said Paul Bischoff, privacy advocate for the firm.

For these data to be removed, they have to overwritten by something else or be fully erased and reformatted.

The findings of the study have been recurring ones as previous separate researches had yielded almost similar results. In 2010, forensics expert Disklab discovered that 50 percent of tested second-hand mobile phones on eBay still contained personal data, including credit card information, call logs, account details, and intimate photos.

In 2012, the U.K.'s Information Commissioner's Office found that 10 used hard drives still had the personal data of the previous owner.