[ISN] Prominent database company hacked again

InfoSec News isn at c4i.org
Thu Jul 22 07:51:49 EDT 2004


http://www.siliconvalley.com/mld/siliconvalley/9208688.htm

July 21, 2004

LITTLE ROCK, Ark. (AP) - A Florida man has been charged with stealing
large amounts of consumer information from Acxiom Corp., one of the
world's largest database companies.

The new indictment comes on the heels of a separate case last year in
which an Ohio man pleaded guilty to hacking into an Acxiom server.  
Acxiom manages personal information on millions of consumers, along
with financial and other internal data for companies.

The new case, against Scott Levine, 45, represents ``what may be the
largest cases of intrusion of personal data to date,'' U.S. Assistant
Attorney General Christopher A. Wray said Wednesday at a news
conference in Washington.

Prosecutors said the stolen data included personal information about
``a great number of individuals,'' but they added that the information
wasn't used for identity fraud.

Levine ran Snipermail.com Inc., which distributed ads over e-mail.  
Prosecutors said Levine and other Snipermail employees got into
Acxiom's server to take 8.2 gigabytes of consumer files in 2002 and
2003.

A telephone number believed to be Levine's was no longer in service.  
He was indicted on 144 counts, including unauthorized access of a
protected computer, conspiracy, access device fraud, money laundering
and obstruction of justice.

In a statement released late Wednesday, Acxiom thanked investigators
``for working so hard and effectively over the past year to bring
these individuals to justice.''

``We are committed to safeguarding our systems and the data that we
store and manage on behalf of our clients,'' the company said. ``Since
evidence of this crime was uncovered and halted in the summer of 2003,
Acxiom has made a strong security system even stronger.''

This case arose from the one last year in which Daniel Baas of
Milford, Ohio, pleaded guilty to hacking into Acxiom. During follow-up
investigations, the company detected a second set of intrusions,
coming from a different Internet protocol address, which was traced to
Levine, prosecutors said.





More information about the ISN mailing list