http://www.charlotte.com/mld/observer/business/6483972.htm CARYN ROUSSEAU Associated Press Aug. 07, 2003 LITTLE ROCK, Ark. - A computer hacker gained access to private files at Acxiom Corp., one of the world's largest consumer database companies, and was able to download sensitive information about some customers of the company's clients, the company said Thursday. "The data on the servers was a wide variety of information, some of which was personal, some of which was not," Jennifer Barrett, the company's chief privacy officer, said in an interview with The Associated Press on Thursday. The AP was notified of the intrusion by an anonymous caller who would not identify himself or his connection with the company. Barrett said the company did not know about the breach until a law enforcement agency from Ohio contacted it last week. Barrett said both the hacker and the stolen information are in police custody. She said about 10 percent of the company's customers were affected and that, "it would include some of our larger customers." Little Rock-based Acxiom manages consumer databases for a variety of companies, including several Fortune 500 firms. Among its clients are Microsoft Corp., IBM, Sears Roebuck and Co., AT&T, General Electric and Bank of America. Acxiom's Web site says the company serves 14 of the top 15 credit card companies, seven of the top 10 auto manufacturers and five of the top six retail banks. Barrett would not name the specific clients affected, but said the company had contacted them. She said less than 10 percent of the files on a single server were affected and that the company knows what information was stolen. Acxiom has thousands of computer servers. Acxiom spokesman Dale Ingram said it was unclear whether the clients had contacted the individuals whose information was affected. "Each client will have to look at it and see what communication, if any, would be necessary," he said. Barrett said the individual in police custody is a former employee of one of Acxiom's clients and that the information was stolen while the person had legitimate access to Acxiom servers. "They used that access to hack into the passwords of other clients," she said. Barrett said the offender gained access by hacking encrypted passwords from clients who access the server. The server, which was outside a firewall, was used "for clients to transfer files to us and for us to transfer files back to the clients," she said. Barrett said much of the information taken from the server was encrypted and that the risk of identity theft is slim. "We view the risk of it at this point as very low," she said. "We also were notified that data ... hasn't been accessed by any other parties or used for any other fraudulent purposes. I can say this about the data, much of it was nonsensitive information." ON THE NET Acxiom: http://www.acxiom.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Aug 08 2003 - 01:05:18 PDT