US space agency Nasa has been left red-faced after selling off computers without ensuring that highly sensitive data had been removed.
An internal investigation found 10 cases where PCs were sold despite failing data removal procedures.
Another four PCs - which were about to be sold - were found to contain data restricted under arms control rules.
The computers were being sold off as Nasa winds down its space shuttle operations.
The last shuttle flight is scheduled for June 2011.
But the space agency's internal auditors discovered that its policies for wiping data from PCs used in the Shuttle programme have not always been followed.
They uncovered issues at four locations: the Kennedy and Johnson Space Centers, and the Ames and Langley Research Centers.
In some cases, tests were not being run to confirm the computers had been wiped.
Investigators also found that some PCs that had failed those verification tests were still being put up for sale.
Their report in to the incidents says its impossible to know what data was left on the sold-off equipment, but analysis of similar equipment "raises serious concerns" for Nasa.
Investigators found four PCs being prepared for sale at the Kennedy Space Center which contained data subject to export control by the International Traffic in Arms Regulations.
They also found dozens of PCs at the Kennedy equipment disposal facility that all had external markings listing network details.
Such details could potentially provide hackers with "unauthorised access to Nasa's internal computer network".
Nasa will now review and update its equipment disposals procedures.