Consumer Database Company Hacked Again

x-guru writes "CNN is reporting on the indictment of a Florida man on 144 identity theft charges including fraud, money-laundering, and obstruction of justice. Approximately 8.2 GB of data was stolen from Acxiom Corp, a company responsible for the storage of vast amounts of personal, financial and corporate data. It looks to be an inside job as six Acxiom employees have agreed to cooperate with the investigation." Acxiom was hacked last year as well.

What?

[windside]

It looks to be an inside job as six Acxiom employees have agreed to cooperate with the investigation.

It might just be the early morning talking, but could someone explain how employee cooperation implies an inside job? Maybe I need more coffee.

$7 million?

[Gentoo+Fan]

Federal officials said the theft of approximately 8.2 gigabytes of data resulted in losses of more than $7 million.

Where exactly is $7 million coming from? Is there data worth about a million a gig?

Re:$7 million?

[gid]

I'd be willing to wager the 7 million is just an arbirarily large enough number so the feds will investigate their case. If they say they only lost a grand, then there would probably be no investigation.

Re:$7 million?

[LiquidCoooled]

ONLY 7 million!

Thank god the RIAA isnt involved with the cleanup.

(82000000 * ($250,000 * ([DriveSpeed] * Cos([WindDirection]))

This issue of losses is mute really, because as with illicit file sharing, the original data still exists.

This data sharing may result in customers going elsewhere, and so may effect FUTURE revenue stream, but their account certainly hasn't taken a dip just yet.
(Contrast with bank robbery)

Re:$7 million?

You're a moron.

i was an intern with Acxiom at one time. A lot of computing power and programming goes into creating the data products they provide. It's some mysql database with 1000 rows - it's a little more serious than that. And it's not just the large amounts of data, it's the work and programming that gleans useful product from that data. Think before you speak, son.

Links within a chain

[Evil+Schmoo]

This is the great myth of the InterWeb security policies of most corporations -- you're only as safe as the weakest link in the chain. IBM, GE, et al, are probably among the most secure commercial sites available, and yet their customers still get nailed by third-party lapses.

Anyone want to take a gander on when Equifax, Experian, and TransUnion get busted for going through some minor service provider?

This begs the question.,,

[penginkun]

What is happening to the morons who leave this kind of information sitting around on an easily cracked server? Are they getting fines? Jail time? 40 lashes with a wet noodle? What?

Maybe if these network admins were PUNISHED SEVERELY for their negligence they'd start being more careful.

At the very least this kind of information should be stored on encrypted filesystems. Better still, the files themselves should be triple-des'd and then PGP'd for good measure.

The solution: Translucent database

[richieb]

See this book on translucent databases. The data in such database is useless to all, except those who actually own the data. So, in this case, the stolen data would not be useful to anyone.

Re:disclosure, "when will we have laws ?"

[nusratt]

"of course i can't be bothered to RTFA, but when will we have laws making it a mandatory requirement for companies like this to fully disclose events like this to the public"

can you be bothered to contact your legislators, or consumersunion.org, or epic.org?

Re:so they have to steal that much to get prosecut

[infinite9]

Oh ya, and my friend's credit was STILL bad 2 years later from that stuff, even though all parties knew what had happened.


This is because the Fair Isaac credit score has nothing to do with how good a customer you are. It's a measure of how likely a creditor is to make money from you. This is why if you keep paying your loans off after only a few months, you get a bad score. This is also why the reporting agencies were so reluctant to tell people how the score is calculated. If you're an identity theft victim, you're a bad risk for the creditor because they can't be sure you're really you. They're more likely to lose money from whoever is presenting your indentifying information. Works as designed.

This is yet another reason why credit card companies are scams. They're loan sharks, nothing more. Credit card companies in the US need heavy regulation. It will never happen though.

Not theft

[jfengel]

As many slashdot readers will be sure to point out, this isn't theft. Like music pulled off Kazaa, Acxiom still has the original data, and their use of it is not diminished by this guy having a copy.

Re:Not theft

[NeoRete]

However in this situation, there is money lost as this information facilitates identity theft and bogus credit card charges. Last time I checked, there was no direct money lost for each song that was downloaded via Kazaa.

punish what is really responsible

[zogger]

Better idea. If a company gets cracked say three times, then make it the same deal individuals get in our society, most places three felonies, you get a huge jail time, as a career rerecidivist criminal and societal lamer. If a corporation gets busted for malfeasance or gets cracked three times,any combination, then they should get the same, which in their cases would be loss of incorporation priveleges, and to HECK with the stock holders, it's a gamble, they need to have that drilled in daily it appears. Stockholders only appear to be interested in profits as well, there's a large lack of interest in honesty and efficiency with them in general terms. Make these companies lose their corporate charter, stock holders go bust, end of story, maybe correct business decisions will sink in beyond this quarters profits. These people want a capitalist solution, here's one, you aren't guaranteed profits, you are only guranteed a chance to be honest and effective. Not just effective, not just honest, both. either one you fail it, then you fail it. If you are bogus and ineffective, the government, which is supposed to be "we the people", who GRANTS the charters, gets to take them away. There is no automatic guaranteed "right" to incorporation anyplace, it's a privelege granted by the people. This removal of bogus corporations doesn't happen near enough from my POV. Corporations, if you look back in history were granted to both benefit the corporation (and the humans connected to it) as to profits, and also to be of a general public benefit. Unlike the pure lie you see repeated by corporate apologists who keep claiming corporations are "only" for making money. They love to say that, but it's not true, they just wish it was and act like it was, and for too long it has been that way in practice, but it's well past time to go back and revisit the realities of a granted incorporation. If they fail to make a profit they eventually go under,that part still exists with "the market place", but we have lost and forgotten about the other deal, if they fail to be of public benefit. They should be dissolved, and getting hacked multiple times and having innocent peoples data compromised should go right up the responsibility chain to whichever corporation is responsible, along with the humans involved, who should then be prohibited to serve in any official capacity inside a corporation for x-amount of years, a significant long time..

I'd like to see it anyway, get that "responsibile for your actions" deal back into common knowledge and practice.

A Few Notes on Acxiom. Opt Out Now!

[CritterNYC]

Acxiom is certainly not an example of a very good company. Aside from the fact that they were hacked... twice... and had all their data stolen... twice, they are also an unethical marketing company. They purposely ignore opt-out requests from people who want to get out of their lists. In short, their privacy policies suck.

Get out of all of their databases ASAP:
(877) 774-2094
optout@acxiom.com