Several state agencies likely gave away or sold hundreds of surplus computers that still contained confidential information, such as Social Security numbers, medical records and tax forms, according to an audit released Thursday.
Auditors examined only the computers sent to surplus by 13 agencies over a six-week period last summer. But they estimated that 109 of those computers — 9 percent of them — contained confidential information.
“With the right knowledge of data retrieval, the confidential information we found could be obtained in a few minutes,” according to the audit report. “Had these computers been sold, the presence of confidential information on their hard drives posed a risk of harm to private individuals and the state.”
The audit did not mention any specific cases of identity theft associated with the confidential information.
Most Read Stories
- Washington becomes first state to legalize human composting
- Federal Way star Jaden McDaniels breaks silence, announces commitment to Washington
- Series of small earthquakes detected in Washington and Oregon
- Waterfront transforming before our eyes as viaduct comes down
- Amazon and CEO Jeff Bezos challenged on climate change. Here’s how shareholders voted on it and other issues.
The surplus computers with confidential information originally belonged to the state departments of ecology; health; labor & industries; and social and health services, according to the report.
Overall, nearly 20,000 computers have been sent to surplus over the last two years, the auditors noted. Nine percent of that would be 1,800 computers with confidential information.
Some surplus computers are given to other state organizations, school districts or nonprofits. Others are sold to the public.
State Auditor Troy Kelley said in the report that his office conducted the audit to help assess the state’s technology security.
In addition to the confidential information, the auditors identified four state agencies that did not have documented procedures for wiping surplus computers and 10 that “did not follow the recommended leading practice of verifying data on hard drives is erased or destroyed.”
State officials responded quickly to the findings, according to the audit report. Officials quarantined computers, halted sales and established new guidelines.
The state is now in the process of evaluating its computer disposal policies, according to the report.
Michael Cockrill, the state’s chief information officer, planned a midday briefing today for reporters on the audit.