What PII Data to Wipe Before Transferring Vehicle Ownership
Vehicles today are computer systems that contain tremendous amounts of digital personal information about you…similar to a smart phone. If you plan on selling, junking, donating, or trading in a vehicle you need to wipe your sensitive information or the next owner may have access to it. This information in the security world is called PII, which stands for personal identifiable information. It is what scammers and hackers use to steal and impersonate identities.
When we get rid of a vehicle, we often think of emptying the center console, glove box and trunk, but your navigation and dash computer system is where your PII data truly sits. If your vehicle was totaled in an accident, your insurance company may junk it on your behalf, with your PII still in it. Below I will discuss what data need to clear from your vehicle to protect your personal identity and security when selling, junking, donating or trading in your vehicle.
Why You Should Clear Your Personal Data
Back in the day your vehicle had no personal data in it other than a few radio presets and your odometer reading. Now vehicles are computer based machines that monitor and store everything from your driver settings to your climate control. These new vehicles are referred to as connected cars. This is even more true in hybrid and electric vehicles.
An example of a data storage is the OBD (on board diagnostics). You can plug a smart phone into a ODB port in a junkyard and look at the previous owners driving habits. If you are wondering how this info could be leveraged, you can potentially use it in an insurance scam. Its easy to get a used car report and pull previous owners name and address and then combine it with this information. That’s just the ODB, if the vehicle has a navigation system, its a goldmine for PII. With a navigation system, someone can see where you live and work, what routes you take, and figure out what times you are away from your home, office, of vehicle.
According to InterTrust “Once autonomous vehicles become mainstream, the 17,600 minutes Americans spend driving annually will equate to 300 TB of data per year. Financial information, personal trip information, location information and entertainment preferences are just some examples of PII that can potentially be stolen through a vehicle’s system.”
If you think doing these steps to clear PII data from a vehicle is unnecessary or over reactive, perhaps read the car hackers handbook. You can also read how recently a bluetooth vehicle hack exposed millions of users PII.
Resetting Factory Defaults Is A Good Start, but…
Some vehicles systems contain a factory reset option that will clear all data and return them to the original manufacturer settings. Even if you do a factory default reset, it may not be enough. This will not disconnect mobile wi-fi hot spots (which may have plain text unencrypted passwords), subscription services like Sirius Radio and Onstar, and other data services you connected. You must cancel all subscription services, change your passwords, and/or transfer them to your new vehicle.
What Data Should You Clear From Your Vehicle
Share this Image On Your Site
No matter whether you sell, junk, trade in, or donate your car you should consider DELETING all the following data…
- GPS of all pre-programmed destinations and customized favorite places you have stored in the navigation system like home and work. This includes clearing your route history, which someone can use to know where you go and what times you are out of the house.
- Any Bluetooth Pairings. These can be potentially leveraged to access your phone or devices from the vehicle
- Stored contacts like phone numbers, call history, phone contacts, and address books. Some vehicles will download these when you sync your phone.
- Built in garage door opener codes, which someone could use to get in your house…which if they have your home address from your navigation is easy.
- Wifi and/or hostspot settings and passwords. If you reuse username and passwords elsewhere this is particularly important.
- Remove any OBD recorders that you may have added
- USB Drives you plugged in (check hidden places like center console and glove box).
- In vehicle mobile app log-in details like username and password. Particularly important if you have a digital wallet like Apple Pay linked which is tied to your credit card
- Any apps on your phone related to the vehicle. Some vehicle manufacturers have apps that let you control the car from outside of it or find the car.
- Digital music that might be stored on an internal hard drive. Some of this music you may have paid for and someone can lock you out of it
All Physical Things You Should Remove to Protect Your PII
Removing physical objects like receipts, registration and insurance info, paperwork or forms from your vehicle feels obvious when cleaning out the glove box, center console and trunk of your car. If you have truck you need to check the extended cab, the bed, and any bed compartments or tool boxes. RV’s are even more of a challenge because of the size and the fact that these are basically like home on wheels. These have closets, dresser draws, and hidden compartments to check.
No matter the vehicle type, there is one physical device that is so easy to miss when you get rid of a vehicle…
Hidden or Out of Sight USB Drives or OBD Recorders
Take any USB Keys which may be behind the glove box or in the center console. A personal USB key might have more than music on it and contain pictures, documents, and other stuff you might consider sensitive. I have definitely found unencrypted USB drives on junkyard vehicles with PII on them. The previous owner probably brought a personal thumb drive into the car to play music and didn’t consider other PII on the device.
There are some cars like newer BMW’s that contain your driver settings on USB drives. They use these to transfer your driver settings to a loaner car when you take your Bimmer in for service. Take or clear out these USB devices as well, to be safe. Many drives like this are small and easy to miss especially because they are located in glove boxes, center consoles, or other tucked away places. Its easy to forget you plugged a USB in your vehicle, so check anyway if you have USB ports.
Some insurance companies may provide you with an OBD recorder or perhaps you installed one yourself. If you have one installed…remove it.
All Things You Should Cancel
Aside from the obvious turning in your plates and canceling your insurance, you need to consider your subscription services.
- Onstar subscription and reporting. If you don’t you may get reports on your old car about the new owner
- Radio subscription services like Sirius, Apple Play, and Amazon Music
- Map subscription services that you pay for to update your navigation system
Where to Find Out How To Clear Your PII
All vehicles are different and for info on your specific vehicle to reset or remove PII check the owners manual. Additionally you can get in touch with the dealer or check your vehicles manufacturers website. You may also be able to find YouTube videos that show you step by step how to clear your vehicles data and restore factory defaults.
Why Clearing Your Data is Critical Before a Change of Ownership
Sure you could blindly trust that the new owner of your vehicle will do the right thing, but is it worth the risk. Going through your navigation is more telling about your PII than going through your garbage at your house. 1000’s of junked and wrecked vehicles hit salvage yards everyday…these vehicles are exposed to 1000’s of people looking for parts. They will pull your navi out and go through it and potentially leverage anything they can to extract value out of. If you own a car, truck, or RV that was manufactured in 2008 or later, you need to consider clearing PII data before signing over your title to anyone!! When you are getting ready to junk your car, things can happen quickly…do not wait to start clearing data. You don’t know how many times a vehicle may change ownership or where your car parts go after its junked.
My general rule of thumb: Clear your data long before signing over the title. As soon as you decide the vehicle will no longer be yours start clearing data. if you have been in a wreck, get to the vehicle and clear your data. If the vehicle is impounded and going to eventually go to auction…call and ask to clear your PII from the vehicle.