ncix NCIX Data breach 2018

[-rascal-]

1 hour ago, rcmaehl said:

Stolen from chat. Product Drop Tester Predicts Data Breach (2018, Colorized)
 

 

 

Well Shiiiiiiiiiieeeeet...

Gotta cancel my credit card then, and update my pre-authorized monthly bill payments...

F#$kin' NCIX's founder, Steven Wu....ya goof'd Bic Tyme Bic Boi

[Terryv]

2 minutes ago, -rascal- said:

NCIX's founder, Steven Wu....ya goof'd Bic Tyme Bic Boi

Not his fault, everything was taken away from him when he went bankrupt.

 

I assume (someone correct me if I'm wrong) the blame lies with the company responsible for liquidating the assets.

[AntiTrust]

Quote

 mounted one image belonging to Steve Wu the founder of NCIX. Inside I found data going back 13 years, financial documents, employment letters containing SIN numbers, and data from Mr. Wu’s home computer which featured personal documents and images of his family mixed in with numerous private photos of high end escorts from mainland china.

my favorite part of the article. now I know where my restocking fees went

[TacoSenpai]

1 minute ago, AntiTrust said:

my favorite part of the article. now I know where my restocking fees went

Ya boy Steve Wu knew what was up

[AntiTrust]

well I called my credit card company and said I was worried about a data breach at an online store I used to use and the guy was super helpful. Card blocked and new card with new number coming in a few days.

 

fuck you NCIX!!!

[♠FlamieMeister♠]

*slowclap intensifies*

[N7_Zer0]

I used to work there. Apparently our SIN numbers are on there so what can we do about that?

[SirRemog]

1 minute ago, _Zer0_ said:

I used to work there. Apparently our SIN numbers are on there so what can we do about that?

Contact the Government (Service Canada) immediately. 

 

And probably consider legal options. Maybe a class action is something that could happen in the future? Though IANAL so YMMV

[dogwitch]

i seen this more the once with laptop... so many laptops........ you be surprise how many times i had to clear out stuff like this,.,,

[conman2305]

1 hour ago, Terryv said:

I assume (someone correct me if I'm wrong) the blame lies with the company responsible for liquidating the assets.

Basic PCI compliance: ENCRYPT YO' SHIT

[descendency]

I'm shocked that consumer protection laws allow this in Canada. 

[Kenji the Uke]

So.. What do we do? Is there a way to check to see if we were affected? Anything?? What are the steps we should take?

[netrixtardis]

I'm wondering if some Linus' old work data is also on there.  He may need to worry about his own PII data being out there due to NCIX's negligence.

[WMGroomAK]

Best way to prevent something like this is to allow the IT staff to take all drives to a local gravel pit with a sledgehammer or shotgun and let them have an Office Space moment prior to the closing.

[netrixtardis]

Linus should investigate if his PII data is protected due to NCIX's negligence.

[BlueChinchillaEatingDorito]

Now I'm wondering if there are any Government regulations regarding the handling of customer data in the case of bankruptcy. Yes, NCIX should've encrypted their drives, but that's the tip of the iceberg when you consider how many companies still have boxes and boxes of paper records as Linus showed in his videos. And clearly it seemed like the people running these auctions don't give a crap and just leave them on the show room floor. I wouldn't even be surprised if they sold them. They're solely there to recoup money and since customer information has more value than ever these days, it's a no-brainer in their perspective. NCIX just happened to be the one who should've known better. But I can bet you there are thousands of small businesses that don't encrypt their drives that could face a similar fate and have company and customer data sold or leaked. To even think this data wasn't ceased upon filing for bankruptcy with the courts, and having auctioneers just sell these unformatted drives boggles my mind. 

 

TL;DR It's not just a failure on NCIX's part, it's a failure on all parties involved with the filing of this bankruptcy. 

[Cthulhu Calamari]

I haven't seen the other reports, but I did read this article, including information like "This even featured personal documents and images of Mr. Wu’s family mixed in with numerous private photos of high end escorts from mainland china." [sic]

 

Let me know if anyone finds information about a class action lawsuit against whomever is responsible for this...

[imreloadin]

I'd like to take a moment to thank NCIX for always having exorbitant shipping fees for anything I thought about buying from them. Sure a case may have been $10 cheaper than Amazon there but when it cost $30 to ship it to me I picked Amazon every time. So thanks for disuadding me back then so I'm not getting fucked over by you now

[PlayStation 2]

this week's just the week for data breaches huh

[BlueChinchillaEatingDorito]

6 minutes ago, imreloadin said:

I'd like to take a moment to thank NCIX for always having exorbitant shipping fees for anything I thought about buying from them. Sure a case may have been $10 cheaper than Amazon there but when it cost $30 to ship it to me I picked Amazon every time. So thanks for disuadding me back then so I'm not getting fucked over by you now

I guess this was a plus for living in the same city as their headquarters. Just place an order online and pick up at one of their 3 stores or warehouse in Richmond later in the day. I've practically bought all of my parts from them prior to their bankruptcy. 

[D13H4RD]

>Not having customer data encrypted

 

How?!

[Tannah]

NCIX was a major seller to various BC Government and Government of Canada, IT Departments. If this is true, I expect to see some fairly spectacular fireworks.

I say "if" because at current we only have one source of this information.

[cchhrriiss11]

People need to remember, data breaches/leaks like this do not only occur just from businesses shutting down or going bankrupt, but also routine upgrades and hardware refreshes.

 

As someone who regularly purchases Enterprise-class IT hardware from Canadian Government auctions, there's been a number of occasions where sensitive/damaging data hasn't been wiped from drives or flash memory of networking gear has not been cleared. 

[Tannah]

To be honest, the best way to protect your data is not to give it out.

Restrict how much you give out, don't count on other people to protect your data. Don't rely on Cloud based solutions to protect your information. As soon as your information is out of your hands, you have lost control of it.

This isn't 100% fool proof by any means, but its the best place to start. By reducing your data footprint. The more you shrink your data foot print, the less likely you will be hit.

[Cthulhu Calamari]

1 minute ago, Tannah said:

To be honest, the best way to protect your data is not to give it out.

Is this meant to be helpful in some way? This wasn't some fan forum; it was a commercial retail outlet. You can't not give personal information for online transactions, especially if you didn't live in a city with an NCIX pickup location, as they have to mail it somewhere.

 

29 minutes ago, cchhrriiss11 said:

As someone who regularly purchases Enterprise-class IT hardware from Canadian Government auctions, there's been a number of occasions where sensitive/damaging data hasn't been wiped

I sincerely hope you've reported this to the Privacy Commissioner. If not, here you go: https://www.priv.gc.ca/en/report-a-concern/