Slashdot Mirror


Consumer Database Company Hacked Again

x-guru writes "CNN is reporting on the indictment of a Florida man on 144 identity theft charges including fraud, money-laundering, and obstruction of justice. Approximately 8.2 GB of data was stolen from Acxiom Corp, a company responsible for the storage of vast amounts of personal, financial and corporate data. It looks to be an inside job as six Acxiom employees have agreed to cooperate with the investigation." Acxiom was hacked last year as well.

15 of 230 comments

  1. disclosure by Anonymous Coward · · Score: 4, Insightful

    of course i can't be bothered to RTFA, but when will we have laws making it a mandatory requirement for companies like this to fully disclose events like this to the public. after all, it is our information they're "losing"

  2. What? by windside · · Score: 3, Interesting

    It looks to be an inside job as six Acxiom employees have agreed to cooperate with the investigation.

    It might just be the early morning talking, but could someone explain how employee cooperation implies an inside job? Maybe I need more coffee.

    --
    ...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
    Churchill
    1. Re:What? by panda · · Score: 4, Informative

      Actually, the article does NOT say that 6 Acxiom employees agreed to cooperate with the investigation. It says 6 employees of "the company." Since Snipermail was the previous company mentioned, I took it to mean that 6 employees of Snipermail were cooperating with the investigation.

      At any rate, it never said 6 employees of Acxiom, so it is open to interpretation and poorly written. I think someone needs to clarify that point.

      --
      Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
  3. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  4. Re:$7 million? by Anonymous Coward · · Score: 3, Funny

    Where exactly is $7 million coming from? Is there data worth about a million a gig?

    Wow, I must have billions of dollars worth of pr0n then!

  5. Links within a chain by Evil Schmoo · · Score: 3, Interesting

    This is the great myth of the InterWeb security policies of most corporations -- you're only as safe as the weakest link in the chain. IBM, GE, et al, are probably among the most secure commercial sites available, and yet their customers still get nailed by third-party lapses.

    Anyone want to take a gander on when Equifax, Experian, and TransUnion get busted for going through some minor service provider?

  6. The only way to keep private data private... by MartinG · · Score: 3, Insightful

    ... is to not store it all in one place.

    Centralised databases of sensitive data are evil.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  7. It's also extremely well-worth noting... by The Ultimate Fartkno · · Score: 3, Insightful

    ...that the man (scum-sucking dirtbag duck-raper, actually) indicted, Scott Levine, is the owner of Snipermail - a spamhouse located in (get ready for a shock!) Florida. Is anyone surprised that a spammer (connected to Eddie Marin, btw) has moved on to massive identity theft? Don't you just wonder what he was planning on using all that data for?

    How about a quick game of Hangman, kids. "Here's hoping he gets time in a federal _____-__-__-___-___ prison!" (Commence flames from more enlightened readers in 3... 2... 1...)

  8. Case in point by Lord Grey · · Score: 5, Insightful
    Approximately 8.2 GB of data was stolen from Acxiom Corp...
    This is yet another example of why it would be a terrible idea to institute a national ID card. The people backing the card, when faced with the concept of someone stealing the contents of the database that would support the card, invariably insist that "it couldn't happen -- we'll secure it real well."

    Beyond the fact that a national ID card wouldn't provide any additional security, putting that much private information in one place is just asking for trouble. As this latest debacle shows, and as Schneier points out in the article I referenced.

    From the CNN article:

    "We will aggressively pursue those who steal private information from computer networks and make it clear that there are serious consequences for such crimes," [Assistant Attorney General Christopher Wray] said.
    Oh, good. That will surely stop it from happening.
    --
    // Beyond Here Lie Dragons
  9. Details... by Anonymous Coward · · Score: 5, Informative
    Remember last year when Acxiom had some "minor" security issues? It was slashdotted, here and here. Their nightmare is far from over. Just yesterday a 144-count indictment was slapped to Scott Levine, 45, of Boca Raton, Fla.-based Snipermail.com Inc. Levine was charged with conspiracy, unauthorized access of a protected computer, access device fraud, money laundering and obstruction of justice, according to the indictment. Did I mention he is accused of stealing about 8.2 gigs worth of data at the same time Daniel Baas was stealing gigs of data? Baas has already been convicted.

    THIS WAS NOT AN INSIDE JOB. Two people from different parts of the country were "hacking" Acxiom at the same time, using the same vulnerability. Neither of them even knew each other. Acxiom's security was a flaming turd.

    Search all the Daniel Baas articles and you will find he cracked a password file they had in a public directory on the ftp server. This guy did the same thing. Acxiom should be shut down for their stupidity.

  10. Why not me? by scowling · · Score: 3, Funny

    Some days I wish someone would take my identity.

    --
    www.kitchengeek.com -- Nosh for
  11. The solution: Translucent database by richieb · · Score: 3, Interesting
    See this book on translucent databases. The data in such a database is useless to all, except those who actually own the data. So, in this case, the stolen data would not be useful to anyone.

    --
    ...richie - It is a good day to code.
  12. Re:disclosure, "when will we have laws ?" by nusratt · · Score: 3, Interesting

    "of course i can't be bothered to RTFA, but when will we have laws making it a mandatory requirement for companies like this to fully disclose events like this to the public"

    can you be bothered to contact your legislators, or consumersunion.org, or epic.org?

  13. Re:"Vast amounts" by laigle · · Score: 3, Insightful

    First off, 8.2 gigs is a LOT of simple data. We're talking about databases here, not mp3s. A few kbytes can give you everything you need to steal someone's identity and more. We're talking about hundreds of thousands or even a few million entries.

    Second, what can you really do with 50 million social security/credit card/name/address matches that you can't do with 1 million? It's not likely this data was stolen just for spam, much larger databases are readily available for that purpose. Even the largest, most nefarious criminal organization would be set for years with a million verified identities to misuse. Even if you could only net a few hundred dollars from each identity theft, that's a LOT of money. And at a certain point the scale of the data overrides your ability to exploit it anyways.

  14. Not theft by jfengel · · Score: 3, Interesting

    As many slashdot readers will be sure to point out, this isn't theft. Like music pulled off Kazaa, Acxiom still has the original data, and their use of it is not diminished by this guy having a copy.