This news broke earlier this week, but I feel it’s important enough to make sure that it’s seen by as many eyeballs as possible. It’s a story that highlights just how haphazardly your data can be handled by etail companies, even if there are assurances that security is at the forefront of their vision. What happens when bankruptcy strikes? Believe it or not, disastrous things can happen.
Earlier this year, NCIX went bankrupt, and while the website is still online, I’m not entirely sure that means it’s safe to order from. Nonetheless, following the bankruptcy, the company’s servers essentially went up for grabs, and you know what that means: customer data can fall into the hands of less than scrupulous users quite easily, with horrible results.
Someone from PrivacyFly managed to get in touch with someone who was offloading old NCIX servers, and was surprised to find 100% complete customer databases that had unencrypted data – even credit card information. That means that if you’ve purchased anything from NCIX in recent years, your legitimate credit card information could be in someone else’s hands right now.
Hard drives from NCIX’s database servers
If you haven’t ordered in a while, the stored information could be out-of-date, but it’s not worth taking a chance by assuming you’re safe. It’s always good practice to scrutinize your credit card statements, but it has actually become important if you were an NCIX customer at any point.
If it’s been a slow day for you, you can become enraged while reading the above-linked article and gaining a better understanding of how easy it would be to come into possession of millions of sensitive customer records, as long as you’re willing to pay for them. And really, what you’ll be asked to pay is dwarfed by the potential gain from resulting scams and theft.
This NCIX debacle follows the same kind of data being leaked out of Newegg, with all payment information since August 13 or 14 being compromised.
This really should be all the proof you need that many etailers couldn’t care less about your security. I’ll never forget ringing Newegg’s customer service line ten years ago and having the customer service rep read my password out loud to me. That was ten years ago. We now have proof that some things just don’t change, but we should.
What’s it going to take? I’m not really sure, but this kind of thing happening is totally unacceptable. Since NCIX is bankrupt, it seems like it’d be safe from prosecution for this gross crime, so much stricter laws and mandatory third-party security audits for large customer databases would seem like a good start. Unencrypted passwords don’t just imply weak security; they imply that the company didn’t even bother with anything but the bare minimum. That’s infuriating.