Hacker Gets Acxion Customer Information 


Associated Press
Aug. 07, 2003   
LITTLE ROCK, Ark. - A computer hacker gained access to private files
at Acxiom Corp., one of the world's largest consumer database
companies, and was able to download sensitive information about some
customers of the company's clients, the company said Thursday.

"The data on the servers was a wide variety of information, some of
which was personal, some of which was not," Jennifer Barrett, the
company's chief privacy officer, said in an interview with The
Associated Press on Thursday. The AP was notified of the intrusion by
an anonymous caller who would not identify himself or his connection
with the company.

Barrett said the company did not know about the breach until a law
enforcement agency from Ohio contacted it last week.

Barrett said both the hacker and the stolen information are in police
custody. She said about 10 percent of the company's customers were
affected and that, "it would include some of our larger customers."

Little Rock-based Acxiom manages consumer databases for a variety of
companies, including several Fortune 500 firms. Among its clients are
Microsoft Corp., IBM, Sears Roebuck and Co., AT&T, General Electric
and Bank of America. Acxiom's Web site says the company serves 14 of
the top 15 credit card companies, seven of the top 10 auto
manufacturers and five of the top six retail banks.

Barrett would not name the specific clients affected, but said the
company had contacted them.

She said less than 10 percent of the files on a single server were
affected and that the company knows what information was stolen.  
Acxiom has thousands of computer servers.

Acxiom spokesman Dale Ingram said it was unclear whether the clients
had contacted the individuals whose information was affected. "Each
client will have to look at it and see what communication, if any,
would be necessary," he said.

Barrett said the individual in police custody is a former employee of
one of Acxiom's clients and that the information was stolen while the
person had legitimate access to Acxiom servers.

"They used that access to hack into the passwords of other clients,"  
she said.

Barrett said the offender gained access by hacking encrypted passwords
from clients who access the server. The server, which was outside a
firewall, was used "for clients to transfer files to us and for us to
transfer files back to the clients," she said.

Barrett said much of the information taken from the server was
encrypted and that the risk of identity theft is slim.

"We view the risk of it at this point as very low," she said. "We also
were notified that data ... hasn't been accessed by any other parties
or used for any other fraudulent purposes. I can say this about the
data, much of it was nonsensitive information."


Acxiom: http://www.acxiom.com

main page ATTRITION feedback