Several state agencies likely gave away or sold hundreds of surplus computers that still contained confidential information, such as Social Security numbers, medical records and tax forms, according to an audit released Thursday.
Auditors examined only the computers sent to surplus by 13 agencies over a six-week period last summer. But they estimated that 109 of those computers — 9 percent of them — contained confidential information.
“With the right knowledge of data retrieval, the confidential information we found could be obtained in a few minutes,” according to the audit report. “Had these computers been sold, the presence of confidential information on their hard drives posed a risk of harm to private individuals and the state.”
The audit did not mention any specific cases of identity theft associated with the confidential information.
Most Read Stories
- Analysis: Does Russell Wilson really want to leave the Seahawks for the New York Giants?
- Seattle household net worth ranks among top in nation — but wealth doesn't reach everyone | FYI Guy
- Hoping for no snow? King and Snohomish counties could see some Wednesday.
- Tim Eyman charged with misdemeanor theft; attorneys call chair's removal from store an accident
- Seattle construction still booming and won't end anytime soon
The surplus computers with confidential information originally belonged to the state departments of ecology; health; labor & industries; and social and health services, according to the report.
Overall, nearly 20,000 computers have been sent to surplus over the last two years, the auditors noted. Nine percent of that would be 1,800 computers with confidential information.
Some surplus computers are given to other state organizations, school districts or nonprofits. Others are sold to the public.
State Auditor Troy Kelley said in the report that his office conducted the audit to help assess the state’s technology security.
In addition to the confidential information, the auditors identified four state agencies that did not have documented procedures for wiping surplus computers and 10 that “did not follow the recommended leading practice of verifying data on hard drives is erased or destroyed.”
State officials responded quickly to the findings, according to the audit report. Officials quarantined computers, halted sales and established new guidelines.
The state is now in the process of evaluating its computer disposal policies, according to the report.
Michael Cockrill, the state’s chief information officer, planned a midday briefing today for reporters on the audit.