April 10, 2014 12:46 p.m. - Updated: 4:10 p.m.
OLYMPIA — Some state agencies failed to wipe old computers clean of sensitive or personal data before sending them to be sold as surplus, a new state audit says.
Random checks of computers that agencies sent to the state's surplus warehouse last summer revealed about 9 percent of them had information that was supposed be be removed before clearing them for sale. The information included Social Security numbers, medical or psychiatric histories of clients, and in one case an employee's tax return forms.
On one computer, auditors found a Post-it note that had the machine's sign-in and password, which still worked.
Auditors found flaws in the system, but no sign personal data that's protected by law was ever compromised.
State Auditor Troy Kelley said today those agencies were notified and their surplus sales of computers were frozen during the audit while procedures were changed, and there's no evidence that any private information had been compromised. He questioned whether the state should continue its practice of selling its obsolete computers.
“If we're getting very little money, and there's high risk, I think we have to stop,” Kelley said.
A study is being done to answer whether the risks outweigh the value of selling surplus computers, Michael Cockrill, the state's chief information officer, said.
“The state has received no reports of any data from PCs being compromised,” he said. . .
To read the rest of this item, or to comment, continue inside the blog.
1 comment / Read full post ›