For several decades, Washington state has run a program that sells off or donates around 10,000 surplus government-owned computers each year. State law requires that these computers undergo a thorough cleansing before hitting the market to ensure that no confidential data is shared.
But the Seattle Times reports on a recent state audit that found private data on a handful of computers slated for this program that still contained sensitive information. The auditors estimate that around 9% of the computers sold or given away may not have had their hard drives wiped before being made available to the public.
“With the right knowledge of data retrieval, the confidential information we found could be obtained in a few minutes,” states the audit report. “Had these computers been sold, the presence of confidential information on their hard drives posed a risk of harm to private individuals and the state.”
The state’s chief information officer is trying to downplay the problem, claiming there have been no reports of sensitive data going public, and pointing out that the state halted the surplus sale in advance of the audit report.
Washington is now beefing up its rules about handling these surplus computers and will be putting them through a secondary scrubbing before being sold.