TRENTON – Confidential personal information – such as Social Security numbers, health records and child abuse reports – was left on state computers bound for public auction, according to an audit released Wednesday.
“At a time when identity theft is all too common, the state must take better precautions so it doesn’t end up auctioning off taxpayers’ Social Security numbers and health records to the highest bidder,” State Comptroller Matthew Boxer said.
The computers were shrink-wrapped on pallets at the New Jersey’s surplus property warehouse and ready to be sold at public auction until auditors from the Office of the State Comptroller (OSC) intervened.
The computers had been deemed surplus and sent to the state warehouse for redistribution. Other state agencies then have 30 days to claim the equipment from the warehouse before it is disposed of through public auction. Guidelines dictate that state agencies must remove all data from a computer’s hard drive before sending it to the warehouse.
Despite these requirements, auditors found data on 79 percent of the computers sampled at the warehouse and confidential or personal information on nearly a third. The release of such confidential information to unauthorized parties would constitute a violation of federal and state laws.
Employees from one agency told auditors that the agency had the necessary equipment to purge data from its computers but the staff was reluctant to use the equipment because of the noise and magnetic fields it generated.
Data found on the computers examined by OSC’s information technology auditors included:
- A list of state-supervised children, along with their dates of birth and Medicaid numbers;
- Numerous files belonging to a state judge, including the judge’s life insurance trust agreement, tax returns, mortgage information and Social Security number, as well as a confidential fax to the Lawyer’s Assistance Program concerning an attorney’s “personal emotional problems” and non-public memoranda by the judge concerning potential impropriety by two attorneys;
- Social Security numbers of state employees and members of the public;
- Files related to child abuse cases, including a child fatality report, child immunization records and a child health evaluation;
- A list of vendor payments referencing names of children and including contact information for children placed outside of the parental home;
- Personnel reviews, computer sign-on passwords and e-mails of state employees; and
- Internal memoranda from a state agency and personal contact information for multiple members of the then-Governor’s cabinet.
Many of the computers already had been packaged for public auction at the time of the review. The others were in the warehouse and would have been either publicly auctioned or redistributed to government agencies or nonprofit corporations.
Also found at the warehouse were four computers that were packaged to be sold at auction as scrap, even though they were still under vendor warranty. OSC inquiries revealed that the computers had been transferred to the warehouse in error.
After a meeting with OSC staff in which preliminary findings of the audit were discussed, the state modified its policies and procedures to improve data security. The state has issued an interim policy requiring agencies to remove all hard drives from computers sent for redistribution while the Department of the Treasury develops a permanent policy for handling such computers.
Connect with NJTODAY.NET
Join NJTODAY.NET's free Email List to receive occasional updates delivered right to your email address!