Several state agencies likely gave away or sold hundreds of surplus computers that still contained confidential information, such as Social Security numbers, medical records and tax forms, according to an audit released Thursday.
Auditors examined only the computers sent to surplus by 13 agencies over a six-week period last summer. But they estimated that 109 of those computers — 9 percent of them — contained confidential information.
“With the right knowledge of data retrieval, the confidential information we found could be obtained in a few minutes,” according to the audit report. “Had these computers been sold, the presence of confidential information on their hard drives posed a risk of harm to private individuals and the state.”
The audit did not mention any specific cases of identity theft associated with the confidential information.
Most Read Stories
- Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system | Times Watchdog
- FBI joining criminal investigation into certification of Boeing 737 MAX
- Former Seahawks safety Earl Thomas finally explains that middle finger
- The time Seattle neighbors sued Howard Schultz and Kurt Cobain's estate over a driveway in a park
- Extra pilot saved doomed Lion Air jetliner on next-to-last flight
The surplus computers with confidential information originally belonged to the state departments of ecology; health; labor & industries; and social and health services, according to the report.
Overall, nearly 20,000 computers have been sent to surplus over the last two years, the auditors noted. Nine percent of that would be 1,800 computers with confidential information.
Some surplus computers are given to other state organizations, school districts or nonprofits. Others are sold to the public.
State Auditor Troy Kelley said in the report that his office conducted the audit to help assess the state’s technology security.
In addition to the confidential information, the auditors identified four state agencies that did not have documented procedures for wiping surplus computers and 10 that “did not follow the recommended leading practice of verifying data on hard drives is erased or destroyed.”
State officials responded quickly to the findings, according to the audit report. Officials quarantined computers, halted sales and established new guidelines.
The state is now in the process of evaluating its computer disposal policies, according to the report.
Michael Cockrill, the state’s chief information officer, planned a midday briefing today for reporters on the audit.