A new state audit has found that 9 percent of old computers sent to a state surplus program to be sold to the public contained confidential data, including Social Security numbers, medical records, tax forms, applications for public assistance and other sensitive information.
State Auditor Troy Kelley released a report Thursday outlining how several state agencies failed to properly erase confidential data from the computer hard drives before sending them to the surplus program.
State agencies got rid of 20,000 computers over the last two years through the Department of Enterprise Services surplus program. Some of the computers are redistributed to other agencies, non-profits or school districts, and the rest are sold to the public at a surplus store in Tumwater.
The auditor’s office inspected computers from 13 state agencies sent to the surplus program over a six week period. It found that 9 percent, or 109 of the 1,215 computers, still contained confidential information.
“With the right knowledge of data retrieval, the confidential information we found could be obtained in a few minutes,” the report said. The information on the computers “posed a risk of harm to private individuals and the state.”
Four state agencies were responsible for the data breaches: Dept. of Ecology, Dept. of Health, Dept. of Labor & Industries and the Dept. of Social and Health Services.
In addition to personal information like Social Security numbers and addresses, the computers also contained documents such as job applications, personnel evaluations and medical or financial records. The audit found that many other agencies weren’t following recommended practices to make sure that data on hard drives is erased.
Sales of surplus computers were halted after the results of the audit were shared with the state agencies, and the Office of the Chief Information Officer is working on guidelines for data removal.
Read the full audit here.