March 11, 2011

N.J. agencies failed to wipe hard drives before resale

Multiple New Jersey state agencies left confidential information on computers set to be sold at auction, according to a report released this week by state Comptroller Matthew Boxer.

An audit by Boxer's office revealed that multiple state agencies disposed of computer equipment without ensuring that data on the devices had been removed. Auditors discovered completed tax returns, Social Security numbers, health records, child abuse papers and a list of login passwords on computers that were shrink-wrapped on pallets at the state's surplus property warehouse ready to be auctioned off to the public.

The comptroller's office intervened to stop the auction after confidential information was discovered on the computers but warned that the state may have inadvertently released personal information in the past. The state gives away or sells hundreds of computers each year, the comptroller's office estimated.

“It's certainly a reasonable assumption that before we arrived there was no one to stop computers with confidential data from being auctioned to the public,” Pete McAleer, a comptroller spokesman, told SCMagazineUS.com on Friday.

New Jersey state policy requires agencies to remove all data from a computer's hard drive before deeming it fit for redistribution. Despite the state's requirements, 46 out of 58, or 79 percent, of the hard drives evaluated during the audit contained data, much of which was confidential, according to the report. 

“At a time when identity theft is all too common, the state must take better precautions so it doesn't end up auctioning off taxpayers' Social Security numbers and health records to the highest bidder,” Boxer said in a statement.

Specifically, the hard drives contained more than 230 files related to state child abuse investigations, containing names and addresses of the children, as well as immunization and health records. The release of such information violates various state and federal laws, the report states.

The comptroller made 10 recommendations to state officials for improving the surplus system, many of which advise employees to follow and enforce existing policies.

In response, the state's Treasury Department, which operates the warehouse, said it has undertaken efforts to improve data security.  

The department has issued an interim policy requiring that agencies remove all hard drives from computers sent for redistribution while it develops a permanent policy for handling such computers.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.