Consumer Database Company Hacked

fermion writes "The NYT(FRR) and others are reporting that a hacker has broken into a Acxiom server. Acxiom evidently is "one of the world's largest consumer database companies" and serves most top credit card companies and retail banks. There are a few items that stand out in this case. First, Acxiom had no idea that the breach occurred until the company was contacted by the police. Second, the theft was an inside job. The suspect, now in police custody, was an employee with legitimate access to the information. It amazes me that a such a company would have such lax security as to allow an insider to browse supposedly private data at will. Third, the company is taking no responsibility for the break in other than reporting it to the clients, who then may or may not inform their customers." Acxiom is a Certified Participant in the BBBOnline Privacy Program.

You're amazed by this?

[James+A.+A.+Joyce]

"The suspect, now in police custody, was an employee with legitimate access to the information. It amazes me that a such a company would have such lax security as to allow an insider to browse supposedly private data at will."

This is, unfortunately, the real world. Lax security such as this is the norm. "Need-to-know" is a term which doesn't seem to exist in the security policies of these companies. Insider information will always be leaked by someone out of curiosity or some malicious impulse. They're lucky they were able to find out who it was! At least maybe now they're more likely to improve their security and get it up to scratch. (But probably not.)