Slashdot Mirror


Consumer Database Company Hacked Again

x-guru writes "CNN is reporting on the indictment of a Florida man on 144 identity theft charges including fraud, money-laundering, and obstruction of justice. Approximately 8.2 GB of data was stolen from Acxiom Corp, a company responsible for the storage of vast amounts of personal, financial and corporate data. It looks to be an inside job as six Acxiom employees have agreed to cooperate with the investigation." Acxiom was hacked last year as well.

16 of 230 comments

  1. disclosure by Anonymous Coward · · Score: 4, Insightful

    Of course I can't be bothered to RTFA, but when will we have laws making it a mandatory requirement for companies like this to fully disclose events like this to the public? After all, it is our information they're "losing".

    1. Re:disclosure by Anonymous Coward · · Score: 1, Insightful
      It is not our information, it is information about us.

      Acxiom own it and sell it to whoever will pay for it. The only news here is that somebody didn't pay.

    2. Re:disclosure by MemRaven · · Score: 2, Insightful

      And in order to work with anyone, you always sign over the rights for them to aggregate it in this way anyway. So in theory you own your data, in order to do anything at all in society you have to relinquish your rights to the data which you own.

  2. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  3. The only way to keep private data private... by MartinG · · Score: 3, Insightful

    ... is to not store it all in one place.

    Centralised databases of sensitive data are evil.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
    1. Re:The only way to keep private data private... by kris_lang · · Score: 2, Insightful

      Amen. I fear for the sanctity of our medical records and the sanity of our medical providers (oh so politically correct HMO way of being weaselly about whether you'll actually be seen by a doctor, a nurse, a nurse practitioner, or a physician's assistant: we employ 1984-speak and we equate all four thus, thus it is so) once the wacky concept of CENTRALIZING all of our health records ever takes place. Does President Bush's New Mandate Give HHS Authority to Link Everyone's Medical Records to a National Computerized System? at
      www.forhealthfreedom.org/Publications/Privacy/LosingPrivacy.html

      If they can't fix the debacle at the Veteran's Administration Hospitals transitioning from MUMPS-based transaction and cost accounting to the COREFLS system, why should we expect the government to be any good at doing this on a country-wide wholesale populace scale?

  4. Lack of Security by millahtime · · Score: 2, Insightful

    This is where the lack of security is undershot. Security is always talked about with the consumer PC, Windows and IE. If you want to get personal data, hack the server. Forget the PC. I don't hear much about these areas being covered. Banks and the military seem to have security covered, but there are a lot of organizations with a lot of personal data with not near enough security.

  5. Re:$7 million? by RealityMogul · · Score: 2, Insightful

    How many customer records could be stored in 1 GB?

    How much would it cost just to inform all those people (assuming that they will)? And then when everyone updates their records, how much will it cost to rebuild/update the database with the new info?

    Just playing devil's advocate here.

  6. It's also extremely well-worth noting... by The+Ultimate+Fartkno · · Score: 3, Insightful

    ...that the man (scum-sucking dirtbag duck-raper, actually) indicted, Scott Levine, is the owner of Snipermail - a spamhouse located in (get ready for a shock!) Florida. Is anyone surprised that a spammer (connected to Eddie Marin, btw) has moved on to massive identity theft? Don't you just wonder what he was planning on using all that data for?

    How about a quick game of Hangman, kids. "Here's hoping he gets time in a federal _____-__-__-___-___ prison!" (Commence flames from more enlightened readers in 3... 2... 1...)

  7. Case in point by Lord+Grey · · Score: 5, Insightful
    Approximately 8.2 GB of data was stolen from Acxiom Corp...
    This is yet another example of why it would be a terrible idea to institute a national ID card. The people backing the card, when faced with the concept of someone stealing the contents of the database that would support the card, invariably insist that "it couldn't happen -- we'll secure it real well."

    Beyond the fact that a national ID card wouldn't provide any additional security, putting that much private information in one place is just asking for trouble. As this latest debacle shows, and as Schneier points out in the article I referenced.

    From the CNN article:

    "We will aggressively pursue those who steal private information from computer networks and make it clear that there are serious consequences for such crimes," [Assistant Attorney General Christopher Wray] said.
    Oh, good. That will surely stop it from happening.
    --
    // Beyond Here Lie Dragons
  8. Re:This begs the question.,, by sdjunky · · Score: 2, Insightful

    And what if there aren't enough Network Admins to do the necessary work because of IT Budget cuts?

    And what if the Network Admin isn't appropriately trained because the company won't pay for training and the pay they offer won't entice skilled admins?

    Assuming negligence of the Network Admin doesn't take into consideration the shades of grey that are often involved.

    People should be responsible for poor security but the "climate" that leads to it should also be considered.

  9. Spying is Spying by ObsessiveMathsFreak · · Score: 2, Insightful

    If I compile data on someone, their purchases, habits, income and other records, I'm stalking/spying on them.

    If I'm a company compiling 8GB of such data on hundreds of thousands of people, I'm doing market research.

    If I'm a single individual who gains access without consent to such a company's data, itself usually obtained without consent, I'm a snooping crook/terrorist/cracker/pervert/thief who gets thrown in jail.

    RFID. Credit Cards. Social Security. How come I can't acquire such data, yet amoralistic multinationals can? Does the fact that I don't want such information in the hands of anyone at all even count? Tinfoil hat or no, no-one likes being snooped upon. Data rape is data rape no matter how drunk someone was on free handouts.

    --
    May the Maths Be with you!
  10. "Hacked" ? by Quixote · · Score: 2, Insightful
    How long have you been working (the term used loosely here) at Slashdot, Michael?

    This wasn't a "hack". It was an inside job: a contractor using a company-provided username/password to access data that he should not have had access to, but did because of lax policies on the part of the company (Acxiom).

    This is not a "hack". It is theft. Plain and simple.

  11. Re:"Vast amounts" by laigle · · Score: 3, Insightful

    First off, 8.2 gigs is a LOT of simple data. We're talking about databases here, not mp3s. A few kbytes can give you everything you need to steal someone's identity and more. We're talking about hundreds of thousands or even a few million entries.

    Second, what can you really do with 50 million social security/credit card/name/address matches that you can't do with 1 million? It's not likely this data was stolen just for spam, much larger databases are readily available for that purpose. Even the largest, most nefarious criminal organization would be set for years with a million verified identities to misuse. Even if you could only net a few hundred dollars from each identity theft, that's a LOT of money. And at a certain point the scale of the data overrides your ability to exploit it anyways.

  12. Re:right, very important by tuxette · · Score: 2, Insightful
    At least in Norway, part of the law involves securing the personal data once it comes into the hands of the data controller. So while it may not prevent hackers from trying, it says that the data controller has to establish and maintain the measures required to keep data safe from such attacks.

    Take a look at sections 13 and 14. There are also special rules to the law that specifically touch on information security, but I don't have a link in English.

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
  13. Re:Goofiest mod ever. by Nos. · · Score: 2, Insightful

    I'm just wondering if you've realized yet, that both your posts here are offtopic, because this isn't the article on the Apollo pics!