Retailer provided me with a stranger's personal data - Am I at risk?

[RogerC]

Arizona.

I suspect this may not be the correct forum, but I don't see one specific to matters of data security breech. I'm also not really sure if I should even be concerned.

I purchased an iPhone 8+ from Fry's Electronics. They gave me the phone in a box along with a separate SIM card, telling me to install the SIM and call to have the phone activated. When I went to install, I found there was already a SIM card in the phone.

I turned the phone on, (no passcode required), to find someone else's personal data throughout the phone. It was set-up and working perfectly as if this other person still owned it. Multiple email accounts were configured and receiving email. Thousands of emails in Inboxes. Hundreds of photos (some with children), many social media Apps (I assume may be configured to directly access those accounts), hundreds of text messages (including business account access codes), WhatsApp chats, etc. I've not attempted to open them, but there are also many banking, retail store and a couple of health Apps.

My first inclination was to return the phone and be done with it. But then I started thinking of the situation the Retailer has put me in and wonder if I need to do something to protect myself with regard to all of this personal information being under my oversight for a period of time. In the chance this persons personal data gets stolen in the future and it becomes known that I had it at one time, it seems I have been thrust into a possible investigation here that could lead to me being suspect.

I'm also wondering if I should email the former owner to let him know what has happened.

Does anyone feel I may be at any risk for some level of liability for having had this information? What should I do with regard to returning the phone?

 

[Zigner]

Return the phone and ask for a (new) replacement. Once you have it, move on with your life. You are overthinking this.
I would not suggest emailing the former owner...I mean, once you realized the data was there, you stopped reading and immediately returned the phone, right?

 

[quincy]

What is the name of your state? I suspect this may not be the correct forum, but I don't see one specific to matters of data security breech. I'm also not really sure if I should even be concerned.

I purchased an iPhone 8+ from Fry's Electronics. They gave me the phone in a box along with a separate SIM card, telling me to install the SIM and call to have the phone activated. When I went to install, I found there was already a SIM card in the phone.

I turned the phone on, (no passcode required), to find someone else's personal data throughout the phone. It was set-up and working perfectly as if this other person still owned it. Multiple email accounts were configured and receiving email. Thousands of emails in Inboxes. Hundreds of photos (some with children), many social media Apps (I assume may be configured to directly access those accounts), hundreds of text messages (including business account access codes), WhatsApp chats, etc. I've not attempted to open them, but there are also many banking, retail store and a couple of health Apps.

My first inclination was to return the phone and be done with it. But then I started thinking of the situation the Retailer has put me in and wonder if I need to do something to protect myself with regard to all of this personal information being under my oversight for a period of time. In the chance this persons personal data gets stolen in the future and it becomes known that I had it at one time, it seems I have been thrust into a possible investigation here that could lead to me being suspect.

I'm also wondering if I should email the former owner to let him know what has happened.

Does anyone feel I may be at any risk for some level of liability for having had this information? What should I do with regard to returning the phone?

What is the name of your state?

I recommend you turn the SIM card into the police and explain the situation. You do not want to keep the card in your possession.

Turning it into the police is what you do when you find any lost item, like a wallet on the street.

You can then contact the store and let the store know you found someone else's SIM card in your phone and have turned it into the police.

That is all you need to do. It will be up to the person whose SIM card was in your phone to take it from there.

 

[RogerC]

Return the phone and ask for a (new) replacement. Once you have it, move on with your life. You are overthinking this.
I would not suggest emailing the former owner...I mean, once you realized the data was there, you stopped reading and immediately returned the phone, right?

Thank you Zigner. I do think I may have been spinning it unreasonably in my head. But when it occurred to me how upset I'd be if it were my information that was given to a complete stranger, I thought I'd probably like to have been made aware.

Yes, once I saw what I had, I didn't dig into it any further. I'll be taking the phone back later today and may take quincy's suggestion of giving the SIM to the police first.

Of course, returning the phone raises another issue for me... as an 'open box' item, I bought it at a considerable discount ($450 off) and signed an AT&T wireless contract under a total cost analysis that included those savings. Had the phone been full price ($800), I would have gone with Verizon.

 

[RogerC]

I recommend you turn the SIM card into the police and explain the situation. You do not want to keep the card in your possession.

Thank you quincy. Your suggestion would make me feel better about the whole mess. I will most likely do that.

 

[Zigner]

In that case, simply do a factory reset and be done with it. You bought a USED phone and you knew it.

 

[Zigner]

I would like to point out that the SIM card itself doesn't contain all of the items you speak of. Turning the SIM over to the police is fine (if they even want it), but the info is still on the phone.

 

[RogerC]

In that case, simply do a factory reset and be done with it. You bought a USED phone and you knew it.

Oh yes, of course. Never meant to imply I was somehow expecting a new phone. My concern was purely with the situation the retailer put me in with regard to being liable should something happen, by having been given someone's personal data.

I think I'll see if the police want the SIM card and then get a new SIM card from Fry's (I didn't mention in original post... the new SIM they gave me separately doesn't even fit the iPhone 8) and reset the phone.

 

[Zigner]

The sim cards usually are break-away so they fit multiple sizes.

 

[quincy]

Oh yes, of course. Never meant to imply I was somehow expecting a new phone. My concern was purely with the situation the retailer put me in with regard to being liable should something happen, by having been given someone's personal data.

I think I'll see if the police want the SIM card and then get a new SIM card from Fry's (I didn't mention in original post... the new SIM they gave me separately doesn't even fit the iPhone 8) and reset the phone.

You would only be held liable if you use the other owner's information in an illegal way - just as you would only be held liable if you find a lost wallet and keep all of the money in it.

 

[Zigner]

Arguably, the SIM doesn't even belong to the former owner. The former owner turned it in with the phone and received compensation (probably a new phone & sim card) for it.

 

[RogerC]

You would only be held liable if you use the other owner's information in an illegal way.

I would never use it.

My only thought was... if at some time in the future, the person's personal information is stolen and a theft of financial significance is committed, and a thorough investigation somehow pointed to the data on his former phone, I will have been made suspect by the carelessness of the Retailer.

In typing that out, I realize now how ridiculously paranoid that is.

 

[quincy]

I would never use it.

My only thought was... if at some time in the future, the person's personal information is stolen and a theft of financial significance is committed, and a thorough investigation somehow pointed to the data on his former phone, I will have been made suspect by the carelessness of the Retailer.

In typing that out, I realize now how ridiculously paranoid that is.

Yup. It is sort of ridiculously paranoid.