Device Identification , Endpoint Security , Government

Auditors Uncover Lax FBI Hard Drive Disposal Practices

Hard Drives Slated For Destruction Kept in Open Cardboard Boxes
Auditors Uncover Lax FBI Hard Drive Disposal Practices
Auditors say the FBI allowed hard drives awaiting destruction to pile up in a warehouse facility. (Image: Shutterstock)

The FBI had a loose hard disk disposal problem that auditors say put classified information at risk.

See Also: Taking the Necessary Steps to Secure Active Directory: Checklist

U.S. Department of Justice auditors in Wednesday report said an in-person review of the facility the FBI uses to destroy old hard drives uncovered problems including lax physical security and cardboard boxes filled with unlabeled hard drives.

The bureau, auditors said, has a tracking system for obsolete computers and servers earmarked for destruction - but not for storage media extracted from the computer chassis. FBI staff routinely remove electronic storage media from computers that contained Top Secret information in a measure meant to keep shipping costs down.

Law enforcement officials told auditors they haven't tracked individual hard drives, since it's bureau policy to degauss hard drives once they've been removed. "However, the FBI confirmed that not all hard drives, particularly hard drives extracted by local FBI field office IT specialists and shipped from field offices, are being handled in accordance with this best practice."

Auditors also spotted boxes of hard drives set for destruction in open boxes. A facility staffer told auditors that the boxes could stay open for days, "or even weeks," until there were enough obsolete drives to fill the box. The devices' actual shredding could take up to 21 months, because the bureau gave the destruction of untracked assets a lower priority.

The facility where electronic equipment destruction takes place is a warehouse to which nearly 400 people have access, including other bureau employees or contractors dedicated to logistics and mail. Auditors said there was no physical barrier between the destruction area of the warehouse and other areas. Staffers never used a metal roll-down overhead door to seal off their workspace. A camera suspended near the roll-down door was "non-functioning" and the work area in other places lacked camera coverage.

In response to the audit, bureau officials began tracking extracted hard drives and implemented better physical security, including the installation of locked metal cages to store loose media while it awaits destruction.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.