The FBI’s ITAD Missteps: A Wake-Up Call for Every Organization

By: Levi Hentges, Vice President / Development, SEAM

A recent federal audit of the FBI’s IT asset management practices has revealed critical weaknesses that should have every organization paying attention. If one of the nation’s top law enforcement agencies struggles to track and secure its retired IT assets, what does that say for the rest of us? The reality is, poor IT asset disposition (ITAD) practices put businesses at risk of data breaches, compliance violations, and operational inefficiencies.

The FBI’s ITAD Failures – and Why They Matter

An August 2024 report from the Department of Justice’s inspector general found that the FBI’s asset management and disposal process was riddled with gaps. Among the most alarming findings:

• Unlabeled and Untracked Hard Drives: When computers were decommissioned, their internal hard drives were removed but not given individual tracking labels. That means hard drives containing sensitive data were left sitting in boxes or on the floor, completely unaccounted for.
• Inconsistent Data Erasure Practices: The FBI requires hard drives to be degaussed at the time of disposal, but the audit found that this best practice wasn’t always followed. Some extracted drives were shipped from field offices without being erased.
• Poor Physical Security Controls: Auditors found open boxes and unsecured pallets of storage media, including devices labeled as containing classified information. Some of these assets sat in unsecured areas for weeks at a time, with nearly 400 people having access to the facility – many of them contractors and task force officers. One security camera in the area wasn’t even working.
• No Inventory Reconciliation: The FBI’s asset management team had no way to confirm whether the number of hard drives shipped from field offices matched the number received at their central processing location. That’s a recipe for missing assets and potential data loss.

Why Your Organization Should Take This Seriously

If this level of mismanagement can happen at the FBI, where classified national security information is at stake, imagine how easily it can happen in a private business without strict ITAD controls. Organizations across industries—whether healthcare, finance, or government contracting—face the same risks:

• Regulatory Compliance Risks: If data-bearing devices aren’t properly tracked and destroyed, businesses can face violations under regulations like HIPAA, GDPR, or CCPA.
• Data Breach Exposure: Unaccounted-for hard drives could end up in the wrong hands, leading to leaks of customer data, trade secrets, or personally identifiable information (PII).
• Reputational Damage: A single ITAD mistake can result in lost trust from customers and stakeholders. Once your company is in the headlines for a data breach, recovering that trust is difficult and expensive.

How SEAM Ensures ITAD Security

At SEAM, we take IT asset disposition seriously. We’ve built our entire business around providing secure, trackable, and compliant asset management for our customers. Here’s how we ensure nothing falls through the cracks:

• Detailed Asset Tracking: Every device, including extracted hard drives, is logged and tracked throughout the entire ITAD process, ensuring full visibility.
• Strict Chain of Custody: We maintain tight security controls at every step, from pickup to final processing, so nothing is left unaccounted for.
• Certified Data Destruction: As an R2, e-Stewards, and NAID AAA-certified provider, we follow the highest industry standards to ensure sensitive data is completely destroyed before devices leave our facility.
• Secure Storage & Processing: Unlike the FBI’s facility, where hard drives sat unsecured for weeks, our processing environment is built with multiple layers of security to prevent unauthorized access.

Take Control of Your ITAD Process

The FBI’s mismanagement of IT asset disposal isn’t just a government issue—it’s a warning sign for every organization handling sensitive data. If your ITAD provider isn’t offering full transparency, strict security protocols, and certified data destruction, you’re taking a huge risk.

At SEAM, we work with businesses to eliminate these risks, providing secure, compliant ITAD services that ensure no asset goes untracked. Contact us today to learn how we can help your organization stay protected.

Levi Hentges is the Vice President / Development at SEAM. He helps clients build and manage their IT Asset Disposition (ITAD) programs to comply with legal, corporate and environmental requirements surrounding their technology devices; including asset recovery and resale, data destruction and secure electronics recycling.