[ISN] Hacker Gets Acxiom Customer Information

From: InfoSec News (isnat_private)
Date: Thu Aug 07 2003 - 23:00:34 PDT

    http://www.charlotte.com/mld/observer/business/6483972.htm
    
    CARYN ROUSSEAU
    Associated Press
    Aug. 07, 2003   
     
    LITTLE ROCK, Ark. - A computer hacker gained access to private files
    at Acxiom Corp., one of the world's largest consumer database
    companies, and was able to download sensitive information about some
    customers of the company's clients, the company said Thursday.
    
    "The data on the servers was a wide variety of information, some of
    which was personal, some of which was not," Jennifer Barrett, the
    company's chief privacy officer, said in an interview with The
    Associated Press on Thursday. The AP was notified of the intrusion by
    an anonymous caller who would not identify himself or his connection
    with the company.
    
    Barrett said the company did not know about the breach until a law
    enforcement agency from Ohio contacted it last week.
    
    Barrett said both the hacker and the stolen information are in police
    custody. She said about 10 percent of the company's customers were
    affected and that, "it would include some of our larger customers."
    
    Little Rock-based Acxiom manages consumer databases for a variety of
    companies, including several Fortune 500 firms. Among its clients are
    Microsoft Corp., IBM, Sears Roebuck and Co., AT&T, General Electric
    and Bank of America. Acxiom's Web site says the company serves 14 of
    the top 15 credit card companies, seven of the top 10 auto
    manufacturers and five of the top six retail banks.
    
    Barrett would not name the specific clients affected, but said the
    company had contacted them.
    
    She said less than 10 percent of the files on a single server were
    affected and that the company knows what information was stolen.  
    Acxiom has thousands of computer servers.
    
    Acxiom spokesman Dale Ingram said it was unclear whether the clients
    had contacted the individuals whose information was affected. "Each
    client will have to look at it and see what communication, if any,
    would be necessary," he said.
    
    Barrett said the individual in police custody is a former employee of
    one of Acxiom's clients and that the information was stolen while the
    person had legitimate access to Acxiom servers.
    
    "They used that access to hack into the passwords of other clients,"  
    she said.
    
    Barrett said the offender gained access by hacking encrypted passwords
    from clients who access the server. The server, which was outside a
    firewall, was used "for clients to transfer files to us and for us to
    transfer files back to the clients," she said.
    
    Barrett said much of the information taken from the server was
    encrypted and that the risk of identity theft is slim.
    
    "We view the risk of it at this point as very low," she said. "We also
    were notified that data ... hasn't been accessed by any other parties
    or used for any other fraudulent purposes. I can say this about the
    data, much of it was nonsensitive information."
    
    ON THE NET
    
    Acxiom: http://www.acxiom.com
    
    
    
    -
    ISN is currently hosted by Attrition.org
    