New Jersey state agencies nearly auction off computers with sensitive data

The computers also contained confidential memoranda from a state judge, the judge’s tax returns for three years, reports on state attorneys’ emotional problems and alleged improprieties, and internal documents prepared for a state agency commission, according to an audit by the state’s Office of the State Comptroller (OSC).

OSC auditors found confidential and personal information on nearly one-third of the computers they examined at the warehouse. A full 79% contained some data, despite a state law that requires all data be removed from a government computer’s hard drive before being sent to the warehouse.

The data found on the computers at the warehouse included a list of state-supervised children, along with their dates of birth and Medicaid numbers; files relating to child abuse cases; personnel reviews, passwords, and emails of state employees; and personal contact information for members of a former governor’s cabinet.

One agency's employees told OSC auditors that they did not use the equipment to purge data from their computers because of the noise and magnetic field the equipment generated.

“At a time when identity theft is all too common, the state must take better precautions so it doesn’t end up auctioning off taxpayers’ Social Security numbers and health records to the highest bidder”, State Comptroller Matthew Boxer said.

State auditors also found warehouse employees were not complying with state requirements regarding redistribution of computer equipment and cell phones they received. Auditors observed local government officials picking up equipment at the warehouse without other local governments, state agencies, or nonprofits receiving equal access to the equipment, the audit found.

In response to the preliminary findings of the audit, the state government issued an interim policy requiring agencies to remove all hard drives from computers before sending them for redistribution or auction. The state’s Department of Treasury is currently developing a permanent policy for handling computers and data, the OSC said.

What’s Hot on Infosecurity Magazine?