Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumer Database Company Hacked

Posted by michael on from the new-SSNs-for-everyone dept.

fermion writes "The NYT(FRR) and others are reporting that a hacker has broken into a Acxiom server. Acxiom evidently is "one of the world's largest consumer database companies" and serves most top credit card companies and retail banks. There are a few items that stand out in this case. First, Acxiom had no idea that the breach occurred until the company was contacted by the police. Second, the theft was an inside job. The suspect, now in police custody, was an employee with legitimate access to the information. It amazes me that a such a company would have such lax security as to allow an insider to browse supposedly private data at will. Third, the company is taking no responsibility for the break in other than reporting it to the clients, who then may or may not inform their customers." Acxiom is a Certified Participant in the BBBOnline Privacy Program.

4 of 286 comments (clear)

  1. You're amazed by this? by James+A.+A.+Joyce · · Score: 5, Interesting

    "The suspect, now in police custody, was an employee with legitimate access to the information. It amazes me that a such a company would have such lax security as to allow an insider to browse supposedly private data at will."


    This is, unfortunately, the real world. Lax security such as this is the norm. "Need-to-know" is a term which doesn't seem to exist in the security policies of these companies. Insider information will always be leaked by someone out of curiosity or some malicious impulse. They're lucky they were able to find out who it was! At least maybe now they're more likely to improve their security and get it up to scratch. (But probably not.)
    --

    Bash script for FP whores

  2. Insiders by Hayzeus · · Score: 4, Interesting

    At least as of a couple of years ago, INTERNAL security threats were really the major issue for most companies. Despite the fact that insider breaches probably tend to get less press, I bet this is still the case, although I don't know for sure. Anyone?

    --

    Roving Web-Teleoperated Robot
  3. Re:make sure you Opt Out by baka_boy · · Score: 4, Interesting

    Nice sentiment, but painfully naive -- there is no such thing as an 'opt-out' anymore. Every bit of personal information that private or public interests can gather on you is fair game, and the market for such information will probably only grow as interactive media increasingly replace broadcast channels over the next few decades.

    Personally, I wouldn't mind it so much if the reverse was also true, and those interests scanning your personal history for commercial or criminal trends were also subject to the same level of transparency.

  4. Re:Legal responsibility by minus9 · · Score: 4, Interesting

    Somebody inside the organisation has to have access to the data, otherwise why bother storing it.

    Can I interest you in a write only drive array?

    It seems any crime perpitrated within 500 yards of a computer is now termed "hacking".