March 18, 2014.
FOR IMMEDIATE RELEASE
On October 1st, 2013, Canadian Bitcoins suffered a fraudulent security intrusion at the Rogers Data Centre where it colocates some of its distributed equipment.
The fraudster used the 'sales chat tool' on their website to initiate a two hour chat session with Rogers staff, during which time, Rogers staff facilitated a breach of our equipment. It is important to note that this breach occurred without any authentication being performed by the Rogers Data Centre staff whatsoever.
While we did suffer a loss of bitcoins, please rest assured, that this was only a portion of our business holdings, and since Canadian Bitcoins does NOT store ANY bitcoins on a customers behalf, there was zero chance of any losses to customers. It was only our own, internal float that was affected. All transactions with Canadian Bitcoins are "one off" transactions. Users of our service do not maintain a 'balance' with us.
The server that was infiltrated was used to obtain access to the bitcoins. However the server that hosts the actual website, database, and customer verification documents are distributed between other data centres, and were NOT accessed in any way whatsoever during this event. To be clear: The attacker had NO ACCESS to ANY PERSONAL/CUSTOMER details.
Canadian Bitcoins has requested a full accounting from Rogers regarding the security breach at their Ottawa Data Centre and also filed a police report.
Yesterday morning we were contacted by the Ottawa Citizen for comment regarding the incident. Although none of our customers were negatively impacted by the incident, we felt that it was in the best overall interest of the Bitcoin community to be transparent about the incident rather than issuing "no comment" or trying to cover up the breach at the Rogers Data Center.
We look forward to continuing to work with all of our customers and wish to thank you for your continued support.
Sincerely,
Canadian Bitcoins Team