Except they didn't work for free: they worked for the salvage value. I can't really see how the low value of the contract proves fault.
I can. I have quoted for this type of work in the UK before. I went to have a look at the kit first before quoting and did so knowing that the job was more complicated that it initially appeared. The people wanting to dispose of the equipment wanted to dispose of it through an auction house specialising in selling unwanted corporate assets in bulk. They wanted to get rid of it quickly and as they did not understand what needed to be done thought the job would be fast and cheap.
I found racks of working servers, disk arrays, standard PC's as well as lots of dead equipment, individual drives and older UNIX equipment. Most of the kit could be wiped with standard utilities, but the UNIX equipment and dismantled kit would take much more time so my quote allowed for this. The company chose to go with a very cheap data deletion specialist who used a minimum wage employee armed with a PC wiping CD. Of course this would not boot anything not running an Intel processor so they simply didn't bother with that kit. It didn't have drivers for disk arrays so these were missed too. As the amount paid didn't allow sufficient time to connect up to all of the drives not in a PC they didn't bother with these either. All of the kit went straight to auction from there.
I read the report from the company wiping the machines which stated that their deletion routines were successful in the summary then went on to explain in highly technical language what had not been done and why in the rest of the report. Managers would be highly unlikely to understand what had not been done from this, but would probably assume that the kit was sent out in a clean state. The contractor had actually stated what had been wiped and what had been missed, just not in an understandable format and so were probably not liable for a data breach. I pointed out that they had not wiped any of the UNIX kit and had sent a complete readable set of financial data to be sold at auction. I have yet to hear back from them.
Managers simply don't understand this area and are easy prey for the unscrupulous. They will usually choose the cheapest quote.