NJ Audit: Social Security Numbers On Computers Out For Auction
TRENTON, N.J. (AP) – Taxpayers’ Social Security numbers, confidential child abuse reports and personnel reviews of New Jersey workers nearly went to the highest bidder after the state sent surplus computers out for auction.
Nearly 80 percent of surplus computers in a comptroller’s office sample had not been scrubbed of data before being shipped to a warehouse, according to an audit released Wednesday.
“At a time when identity theft is all too common, the state must take better precautions so it doesn’t end up auctioning off taxpayers’ Social Security numbers and health records,” Comptroller Matthew Boxer said.
The state’s computer redistribution program allows discarded computers to be claimed by another agency within 30 days, or sold or donated. State agencies are supposed to remove data from hard drives before junking computers.
The audit of desktop and laptop computers spanned 17 months, July 2008 through December 2010, and the administrations of Govs. Jon Corzine and Chris Christie. Auditors found information on 46 of the 58 hard drives it tested in the state’s surplus property warehouse and personal data on a third.
The computers were shrink-wrapped and ready to be auctioned.
The data included Social Security numbers of taxpayers and employees; child abuse case files, including a child fatality report; a list of state employees’ computer passwords; and a judge’s tax returns. A memo from the judge on a lawyer’s “personal emotional problems” was also found, as was personal contact information on most members of Corzine’s Cabinet.
Boxer told 1010 WINS that in most cases, this was a product of ignorance or laziness, not criminal intent.
“One of the agencies told us, for example, that they had the equipment to wipe the information off but were afraid to use it because of their belief of a magnetic field that the equipment would cause,” he said.
Perhaps the most potentially damaging find was 230 files related to state investigative case screenings and child abuse reports, many of which contained the names and addresses of the children involved.
The files also included child immunization records and a child health evaluation. Another computer contained a list of vendor payments referencing names, addresses and phone numbers of children removed from their homes because of abuse or neglect, and information about their cases.
“The availability of such confidential personal information and sensitive business information to third parties through the disposal of state-owned computer equipment presents security risks to the affected individuals and state agencies,” the audit states. “Further, the release of such information to unauthorized parties would violate various federal and state statutes.”
Officials did not immediately return messages left Wednesday on whether legal citations or criminal charges were possible.
The Treasury Department, which oversees the computer program, took steps during the audit to prevent the future release of personal, confidential data from surplus computers bound for auction. Additional steps are under way or under consideration, according to the report.
The audit found data from four state agencies, including one that had been cited in 2009 for discarding data-containing computers. The agencies were not named in the audit.
Four of the scrapped computers at the warehouse, packaged to be sold as scrap, were still under warranty, the audit found.
(Copyright 2011 by The Associated Press. All Rights Reserved.)