Menu

Topics

TV Programs

Connect

Local

your local region

National

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

Calendar

Calendar

Search

Quick Search

  •  
  •  
  •  
  •  
  •  
  •  

Trending Now

  •  
     
  •  
     
  •  
     
  •  
     
  •  
     
  •  
     

Add Global News to Home Screen

Instructions:

  1. Press the share icon on your browser
  2. Select Add to Home Screen
  3. Press Add

Comments

Want to discuss? Please read our Commenting Policy first.

Video link
Headline link
Advertisement

Thousands of Canadians’ personal data from NCIX servers listed on Craigslist: cybersecurity expert

By Simon Little & Kristen Robinson Global News
Posted September 21, 2018 10:49 pm
2 min read
Click to play video: 'Data breach alleged after un-wiped computer store servers allegedly sold on Craigslist'
Data breach alleged after un-wiped computer store servers allegedly sold on Craigslist
Many of the NCIX servers and hard drives that were sold at auction had not been wiped. Kristen Robinson reports on with what that could mean for hundreds of thousands of former customers – Sep 21, 2018
Share this item via WhatsApp

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

Privacy advocates are raising the alarm after data potentially belonging to thousands of Canadians allegedly made its way onto buy-and-sell website Craigslist.

The information was contained on servers and hard drives formerly owned by Vancouver-based computer retailer NCIX.

The company went bankrupt last December, and its inventory was auctioned off.

But while Able Auctions, which moved the hardware, said it believed it had all been wiped, a B.C. cybersecurity expert says otherwise.

Privacy Fly president Travis Doering said he was browsing Craigslist last month when he saw the server gear for sale.

LISTEN: NCIX database servers allegedly sold at auction without being wiped


He emailed the seller to ask if the data was still available, and after meeting twice, was surprised to find that it was.
Story continues below advertisement

“In the one database alone, I found 3.8 million Canadian details. It contained details like items purchased, names, addresses places of work, email addresses,” he said.

“I was shocked. I’ve seen data peddled before, that’s nothing new. But the extent of having an entire server farm, all of their records for sale to the highest bidder?”

Tweet This Click to share quote on Twitter: "I was shocked. I've seen data peddled before, that's nothing new. But the extent of having an entire server farm, all of their records for sale to the highest bidder?"
Breaking news from Canada and around the world sent to your email, as it happens.

Global News was unable to reach NCIX founder Steve Wu, while former NCIX manager Kevin Ma told Global News that he, too, was a victim.

Ma isn’t the only former employee whose information was contained in the data.

WATCH: Why Facebook did not notify 87M users about Cambridge Analytica data breach

Trending Now
Click to play video: 'Why Facebook did not notify 87M users about Cambridge Analytica data breach'
Why Facebook did not notify 87M users about Cambridge Analytica data breach

Helena Phan, who worked for the company in 2015, said her payroll information, pay stubs and T4s may have been included.

Story continues below advertisement

“I was super shocked. I expected more from NCIX as a company to at least delete the files or at least encrypt it in some way,” she said.

“That’s sensitive information. There are people’s credit card numbers, debit card numbers, their home numbers and their addresses are on there. It’s just ridiculous.”

Phan said she hadn’t heard anything from a company representative updating her on the situation.

Richmond RCMP says it has now recovered the hardware, and that an investigation is ongoing.

— With files from Erin Ubels

More on BC
© 2018 Global News, a division of Corus Entertainment Inc.

Sponsored content

AdChoices