NASA failed to delete sensitive data on computers and hard drives before selling the equipment as part of its plan to end the Space Shuttle program, an audit released on Tuesday shows.
NASA is getting rid of thousands of surplus items as it prepares to end the space shuttle program next year.
The Office of Inspector General found what it termed "serious" security breaches at NASA centers in Florida, Texas, California and Virginia.
"Our review found serious breaches in NASA's IT (information technology) security practices that could lead to the improper release of sensitive information related to the Space Shuttle and other NASA programs," NASA Inspector General Paul Martin said in a statement.
"NASA needs to take coordinated and forceful actions to address this problem."
The report cites 14 computers from the Kennedy Space Center that failed tests to determine if they were sanitized of sensitive information, 10 of which already had been released to the public. It also found that hard drives were missing from Kennedy and from the Langley Research Center in Virginia. Some of the Kennedy hard drives were later found inside a dumpster, where they were being stored before sale, that was accessible to the public, the audit says.
Investigators also found several pallets of computers being prepared for sale that were marked with NASA Internet Protocol addresses, which the report said could help hackers gain access to the NASA internal computer network.