Audit shows security breach from state's surplus computer sales

OLYMPIA, Wash. -- The state auditor is warning of a massive security breach caused by the government's surplus computers. An investigation uncovered hard drives loaded with confidential information that could be plundered by identity thieves -- and the problem has been going on for years.

Every year, Washington state sells off 10,000 used computers as government surplus. A disturbing new audit shows 9 percent likely still contained taxpayers' personal information.

"Social security numbers, dates of birth, addresses, phone numbers, medical records, financial information, IRS tax forms," said state Auditor Troy Kelley, listing the types of personal data discovered.

Kelley says the government has policies to wipe hard drives before selling computers, but it appears guidelines weren't followed and no one verified the data was erased.

"You could say it's either human error or a management issue in terms of making sure the policies were followed properly," he said.

There's no evidence this personal information was misused by people who bought the computers, but state investigators admit the security breach likely has been going on for years - if not decades.

"We made mistakes and we're putting processes in place to make sure that doesn't happen again," said Michael Cockrill, the state's Chief Information Officer.

Cockrill is making changes. His office is drafting verification procedures to make sure the data is erased, and is sending all hard drives to the Airway Heights Corrections Center near Spokane, where they are purged a second time, then re-purposed for schools.

"State computers will all have their hard drives sent to Computers 4 Kids to be wiped," Cockrill said.

Surplus computer sales netted $411,000 last year. That's not much considering the risk government agencies exposed the public to - but they believe they've got the problem fixed.