ncix NCIX Data breach 2018

[S w a t s o n]

 

You dun fucked up real good Wu, if anyone gets screwed over by this you gonna get bent over

[Trik'Stari]

6 hours ago, James Evens said:

Common issue when computer get sold/liquidation. A bigger issues are scanner/printer with hard drives.

I work in a situation where we manage and work on bulk clients, ordering in the 20k-40k unit range. Laptops mostly.

 

I can say, when a specific model is liquidated, we go through them and completely wipe everything before hand. These systems use SSD's or in the case of chromebooks, built-in Flash storage. We have to keep records verifying which units were wiped, and which were not (because they were damaged and would not power on).

 

Although I cannot speak for smaller customers, as these are somewhat large government entities.

[ARikozuM]

5 hours ago, Master Disaster said:

Can you really call this a breach though?

It may not be a breach of their systems in technical terms, but it is a breach of consumer protections and data handling. 

[Tannah]

16 minutes ago, Cthulhu Calamari said:

Is this meant to be helpful in some way? This wasn't some fan forum; it was a commercial retail outlet. You can't not give personal information for online transactions, especially if you didn't live in a city with an NCIX pickup location, as they have to mail it somewhere.

 

I sincerely hope you've reported this to the Privacy Commissioner. If not, here you go: https://www.priv.gc.ca/en/report-a-concern/

Well Stuff like don't give you Social Insurance Number to a e-tailer, Don't store your payment information on a e-tailer's web site.

 

Right now If you did business with NCIX I would be calling my credit card provider and letting them know.

 

This should be common sense, but unfortunately common sense isn't common.

[Cthulhu Calamari]

2 minutes ago, ARikozuM said:

5 hours ago, Master Disaster said:

Can you really call this a breach though?

It may not be a breach of their systems in technical terms, but it is a breach of consumer protections and data handling. 

... including provincial, state and federal privacy laws.

[Cthulhu Calamari]

1 minute ago, Tannah said:

Well Stuff like don't give you Social Insurance Number to a e-tailer, Don't store your payment information on a e-tailer's web site.

Customers didn't. Employees, on the other hand, don't have this luxury. Included in the information was data for everyone who worked for and with the company, possibly for the better part of 2 decades. They got straight boned by this breach, and there is literally nothing they could have done to prevent it. (Except, of course, for whatever dipshit was responsible for their IT security...)

[kristofferR]

Very cool, I hope for a massive rant about this from Linus on the next episode of the WAN Show

[vanished]

I say this every time there's a breach like this of some kind, but the "system" is completely broken.  The problem isn't the fact that this stuff leaked, but the fact that leaking it is a problem.  Things like address, phone number, etc. are "public" information (ie, you have to give them to others to interact with the world) and thus should be treated as such (ie, with them alone you can't do anything meaningful).  But for whatever completely insane and asinine reason, these kinds of info bit are used as unique and private identifiers, etc. and that's where the problem starts.  This world is structured like an encryption scheme where you give out your private key regularly and hope it doesn't fall into the wrong hands.  It's completely fucked.

 

None of that exempts NCIX or the people who've handled the bankruptcy for them in the slightest though.  This is criminal negligence on a colossal scale - both the level of incompetence necessary, and the negative impact that has come as a result.  This really is as bad as it gets.  The only way it could be worse is if more people were affected.

[SaTaNsRoBoThO]

Oh damn I bought a ton from them!

[NF-F12]

Someone is going to get absolutely reamed for this.

[Imbellis]

I was about to make a post about it, but I'm glad somebody else did.

[Belgarathian]

I'm usually pretty good at writing responses: 

 

 

Fuuuuuuuuuuuuuuuuuuuuck.

[Oswald]

 

[SpaceGhostC2C]

If Youtube was DC/Marvel, this would be the "WAN Show meets Level1 News" episode or arc.

[Noripsni]

Saw this on face book. Heads up?

https://www.eteknix.com/ncix-database-servers-sold-craigslist-without-wiped/amp/

[Demonking]

I bought my side panel window from them years ago. i hope i used paypal.

[williamcll]

I bet someone on this forum have their hands on one of these databases.

[Novasty]

Canceled my credit card today, new one in a couple of weeks...

[PhantomJaguarr]

And I was very close to buying something from them back in the day once. ?

[iKingRPG]

12 hours ago, Rune said:

Huh, so maybe those boxes containing records in @LinusTech ncix video were actually up for auction....

Yeah i remember that... they said to shread

[vanished]

12 hours ago, Syntaxvgm said:

Yah no one actually gives a fuck about your data.

Ever heard of social engineering or identity theft?  Maybe credit card fraud?

[iKingRPG]

12 hours ago, Rune said:

Huh, so maybe those boxes containing records in @LinusTech ncix video were actually up for auction....

Actually the servers were sold: https://www.eteknix.com/ncix-database-servers-sold-craigslist-without-wiped/amp/ 

[iKingRPG]

Maybe it will be on wan show??

[vanished]

1 minute ago, iKingRPG said:

Maybe it will be on wan show??

I think that's a pretty safe assumption   I see Linus himself in the active users right now, and he was on earlier too...

[asus killer]

NCIX should at least have encrypting the most important files for f sake

 

NCIX not paying rent and then just proceed to abandon the servers. Zero shits given

 

the landlord then starts to sell the data to make up for lost rent money. What an entrepreneur 

 

the people responsible for the banckrupcy didn't care that there were servers and data in possession of a 3rd party. They should have know for f sake, inventories and all that

 

the employees and the owner couldn't care less either. Who cares right *facepalm* if i understood correctly the not paying rent is still prior to the closing, so they are all on NCIS for blame, morally and for sure legally.