Data found on surplus computers

Published: Sunday, May 13, 2007 12:37 a.m. MDT
 |  E-MAIL | PRINT | FONT + - 
Utah State Auditor Auston Johnson conducted a "sting" operation a year ago that found important information — including Social Security and credit card numbers — on a handful of state surplus computers that were heading toward public sale.

But Johnson decided to write what is known as "letter audits" to the seven state department heads on whose computers such sensitive information was found, instead of issuing a normal public audit, because Johnson didn't want to alert owners of state surplus computers that such sensitive information may be on their machines' hard drives.

"We were not out for a big publicity splash, but to fix a problem," Johnson said Friday. "And we have high confidence that the problem has been fixed and that no state surplus computers have this information on them now."

Still, there was a clear problem last spring when Johnson's auditors inspected 23 computers waiting to be sold by the state's Surplus Property Division and found important information on 17 of them.

Considering that the state surpluses hundreds of computers each year, having nearly three-fourths of them containing sensitive information is not a good situation.

Story continues below

Johnson said he recognized that, and so he decided to send letters to department directors and to state information-technology officials to get the problem fixed. Officially, those letter audits are public, as Johnson stated in warning notices to the department directors. (He provided all seven audit letters to the Deseret Morning News upon request.)

But since neither Johnson nor the directors talked publicly about the computer situation — in fact, Johnson warned department directors not to talk about the letter audits — the public didn't find out about it, either.

Johnson wrote in separate letters to department directors: "We feel that the finding represents a significant weakness in (your department). If this weakness is left uncorrected, there exists a significant disclosure of confidential and sensitive information."

"This was a unique situation," Johnson told the Morning News. "We started this audit in January of 2006, just before news broke about the Veterans Administration computer that was stolen" and had thousands of Social Security numbers in it, he said. "We were not looking for a big bang — like we were reacting to the Veterans situation, when we weren't."

Johnson said he told a Utah legislative budget committee about the sting operation last week while trying to make a point that committee members had nothing to fear from a Johnson audit — "We can handle some situations quietly."

"We want to create change" in state government, "not headlines," Johnson said.

Comments

You can be the first to comment on this story.

Image
Deseret Morning News Graphic

previousnext

Latest comments

That's a stupid idea. First of all, Utah (nor any OTHER MWC or WAC team) can...

News Update: Boozer hurts himself walking from car to restuarant. Can't...

This is rich! One of the main players in bringing the full recession into...

BYU has a museum of paleontology with some great dinosaur exhibits and,...

Hopefully some of the kindergarteners who go camping and hiking in the wilds...

that would never happen, the bulls won't trade all those players plus why...

I say we kill every last wild animal on Earth. That way we won't have to...

What is all the noise about Milsap. He was beat down against the Lakers and...

"...if collie would have stayed, we would realy destroy you,..." If, if,...

ANYONE SEE THAT OKUR GOT 2 YEAR EXTENSION? I DID!!!! GO TO ESPN!

Advertisements