Thousands of Canadians’ personal data from NCIX servers listed on Craigslist: cybersecurity expert
Privacy advocates are raising the alarm after data potentially belonging to thousands of Canadians allegedly made its way onto buy-and-sell website Craigslist.
The information was contained on servers and hard drives formerly owned by Vancouver-based computer retailer NCIX.
The company went bankrupt last December, and its inventory was auctioned off.
READ MORE: Air Canada says 20,000 mobile app users affected by data breach
But while Able Auctions, which moved the hardware, said it believed it had all been wiped, a B.C. cybersecurity expert says otherwise.
Privacy Fly president Travis Doering said he was browsing Craigslist last month when he saw the server gear for sale.
LISTEN: NCIX database servers allegedly sold at auction without being wiped
“In the one database alone, I found 3.8 million Canadian details. It contained details like items purchased, names, addresses places of work, email addresses,” he said.
READ MORE: Hundreds of federal civil servants lose personal information in data breach
“I was shocked. I’ve seen data peddled before, that’s nothing new. But the extent of having an entire server farm, all of their records for sale to the highest bidder?”
Global News was unable to reach NCIX founder Steve Wu, while former NCIX manager Kevin Ma told Global News that he, too, was a victim.
Ma isn’t the only former employee whose information was contained in the data.
WATCH: Why Facebook did not notify 87M users about Cambridge Analytica data breach
Helena Phan, who worked for the company in 2015, said her payroll information, pay stubs and T4s may have been included.
“I was super shocked. I expected more from NCIX as a company to at least delete the files or at least encrypt it in some way,” she said.
READ MORE: Over 600,000 Canadians’ Facebook data shared with Cambridge Analytica in data leak
“That’s sensitive information. There are people’s credit card numbers, debit card numbers, their home numbers and their addresses are on there. It’s just ridiculous.”
Phan said she hadn’t heard anything from a company representative updating her on the situation.
Richmond RCMP says it has now recovered the hardware, and that an investigation is ongoing.
— With files from Erin Ubels
© 2018 Global News, a division of Corus Entertainment Inc.
Editor's Picks
B.C. casino ‘knowingly accepted’ millions from banned loan shark, audit alleges
Government revokes charity status of Canadian Jewish group that supported 'foreign armed forces'
Canada's 2019 tax season: 4 things you need to know
Silent wars: Why we don't pay attention to the world's worst violence
$220M and counting: The cost of the RCMP's 'culture of dysfunction'
Six months after being paralyzed in Danforth shooting, Danielle Kane fights for a new life
Captured Canadian could be long-sought narrator of ISIS propaganda
Comments
Want to discuss? Please read our Commenting Policy first.