Report: someone is already selling user data from defunct Canadian retailer's auctioned-off servers

Originally published at: https://boingboing.net/2018/09/21/unencrypted-data.html

4 Likes

I hope “Jeff” is currently being investigated by the RCMP because surely selling that data is a crime, yes? (Oh, and my info is almost certainly on it.)

7 Likes

A shitstorm of lawsuits is going to hit the hosting company in 3,2,1… i predict they will be havi g serious regrets over not sanitizing the hardware before selling it very fucking soon.

ETA, or whatever entity sold off the equipment (thanks for the correction @GeekMan). Since the law is too stupid to require wiping before sale, there will be lawsuits. Somebody made the choice to sell machines with data on them, and whoever they are, they deserve to have their ass handed to them in court.

(Former NCIX customer here but I’d feel the same way even if I was not. This is tantamount to auctioning off the safe deposit box contents of a defunct bank. It is immoral, unethical, and ought to fucking be illegal).

6 Likes

The servers were undoubtedly hosted “on prem” by NCIX themselves, considering the nature of their business and the fact that “server parking” (buying your own server hardware to live at a hosting company’s data center) is no longer common practice.

I’d instead put the screws into Able Auctions, who couldn’t even be bothered to wipe hard drives. “Jeff” and NCIX’s former CEO/Owner should also be put under the microscope.

7 Likes

My info is almost certainly on it, too. The “good” news is that I am pretty sure that particular credit card has been compromised at least once since then.

If a company goes bankrupt and out of business leaving behind assets and bills unpaid you’d better believe that if I am owed money and holding those assets I’m going to spend the minimum amount of money required to obtain the maximum amount of value out of those assets to hopefully satisfy some of the debts owed. As a small business owner I’ve had clients stiff me and then go out of business, it sucks. Server wiping takes time and the attention of people who know how to do it. To do it properly it can take days. Unless there’s some legal requirement on the third party in possession of the hardware I’d never take the time to do that.

On a related note, I just bought a mac mini from a defunct theater on auction. I harvested all the valuable software licenses and checked out all the data files on that system before wiping it.

Servers have been seized by the RCMP.

3 Likes
1 Like

I am not a lawyer, but some years ago there was a case where some kind of small medical company in the U.S. went out of business and it was ruled that the medical records of patients could be sold as an asset. (But as I recall, in that case it was physical records, not computer data. And it may have been before more recent U.S. medical privacy laws.)

No one involved owns the software on those disks. That’s only licensed.

1 Like

Instead of writing “an Asian man who called himself ‘Jeff’”, why not just say “a man named Jeff?”

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.