NCIX Database Servers Sold at Craigslist Without Being Wiped
Canadian retailer NCIX filed for bankruptcy and closed 10 months ago. They were the premiere PC hardware retail store in Canada and even did a sizable business on the other side of the border. However, as Travis Doering of Privacy Fly found out, the company did not go quietly away without doing some damage to their customer’s security first.
Doering recounts meeting up with a Craigslist seller claiming to have NCIX’ Database servers for only $1500 CAD. This includes a Database Server from NCIX and a Database Reporting Server, allegedly legally obtained via Able Auctions. Prior to NCIX shutting down, their assets were sold off through this company.
What is surprising however, is that after some probing, the seller divulged that the data on these servers were actually unwiped, and that he actually had three servers in his possession. Doering did his due diligence and followed up to verify. And sure enough, what he found was quite shocking.
In addition, there where also the 109 hard drives which had been removed from servers before auction and one large pallet of 400-500 used hard drives from various manufacturers. Suggesting that he had direct access to these and not through the auction as the seller initially suggested. From what Doering saw, the computers contained various papers and documents.
Some of which even belonged personally to NCIX founder Steve Wu. According to Doering, he found “data going back 13 years, financial documents, employment letters containing SIN numbers”. This even featured personal documents and images of Mr. Wu’s family mixed in with numerous private photos of high end escorts from mainland china.e