Utah State Auditor Auston Johnson conducted a "sting" operation a year ago that found important information — including Social Security and credit card numbers — on a handful of state surplus computers that were heading toward public sale.

But Johnson decided to write what is known as "letter audits" to the seven state department heads on whose computers such sensitive information was found, instead of issuing a normal public audit, because Johnson didn't want to alert owners of state surplus computers that such sensitive information may be on their machines' hard drives.

"We were not out for a big publicity splash, but to fix a problem," Johnson said Friday. "And we have high confidence that the problem has been fixed and that no state surplus computers have this information on them now."

Still, there was a clear problem last spring when Johnson's auditors inspected 23 computers waiting to be sold by the state's Surplus Property Division and found important information on 17 of them.

Considering that the state surpluses hundreds of computers each year, having nearly three-fourths of them containing sensitive information is not a good situation.

Johnson said he recognized that, and so he decided to send letters to department directors and to state information-technology officials to get the problem fixed. Officially, those letter audits are public, as Johnson stated in warning notices to the department directors. (He provided all seven audit letters to the Deseret Morning News upon request.)

But since neither Johnson nor the directors talked publicly about the computer situation — in fact, Johnson warned department directors not to talk about the letter audits — the public didn't find out about it, either.

Johnson wrote in separate letters to department directors: "We feel that the finding represents a significant weakness in (your department). If this weakness is left uncorrected, there exists a significant disclosure of confidential and sensitive information."

"This was a unique situation," Johnson told the Morning News. "We started this audit in January of 2006, just before news broke about the Veterans Administration computer that was stolen" and had thousands of Social Security numbers in it, he said. "We were not looking for a big bang — like we were reacting to the Veterans situation, when we weren't."

Johnson said he told a Utah legislative budget committee about the sting operation last week while trying to make a point that committee members had nothing to fear from a Johnson audit — "We can handle some situations quietly."

"We want to create change" in state government, "not headlines," Johnson said.