Privacy advocates are raising the alarm after data potentially belonging to thousands of Canadians allegedly made its way onto buy-and-sell website Craigslist.
The information was contained on servers and hard drives formerly owned by Vancouver-based computer retailer NCIX.
The company went bankrupt last December, and its inventory was auctioned off.
But while Able Auctions, which moved the hardware, said it believed it had all been wiped, a B.C. cybersecurity expert says otherwise.
Privacy Fly president Travis Doering said he was browsing Craigslist last month when he saw the server gear for sale.
He emailed the seller to ask if the data was still available, and after meeting twice, was surprised to find that it was.
“In the one database alone, I found 3.8 million Canadian details. It contained details like items purchased, names, addresses, places of work, email addresses,” he said.
“I was shocked. I’ve seen data peddled before, that’s nothing new. But the extent of having an entire server farm, all of their records for sale to the highest bidder?”
Ma isn’t the only former employee whose information was contained in the data.
Helena Phan, who worked for the company in 2015, said her payroll information, pay stubs and T4s may have been included.
“I was super shocked. I expected more from NCIX as a company to at least delete the files or at least encrypt it in some way,” she said.