One of the world's largest consumer data bases was breached in the second week of August, with its cracker suspected of being able to download information about some very heavy clients' customers – including Microsoft, IBM, Sears. AT&T, General Electric, and Bank of America.
SecurityNewsPortal reported private files at Acxion Corporation were breached, and the company wasn't aware of the breach until an Ohio law enforcement agency tipped them off. The company does say, however, that the cracker might be a former Acxiom worker who is now in police custody but stole the information while he still had legitimate database access.
The company wouldn't say which data was reached and seen by the cracker, according to the Sydney Morning Herald in Australia, which reported the story August 11.
Acxiom chief privacy officer Jennifer Barrett told the Associated Press the information in question was "a wide variety of information, some of which was personal, some of which was not." But Acxom also claims among its clients fourteen of fifteen top credit companies, seven of the ten top automobile manufacturers, and five of the six top retail banks, SecurityNewsPortal said, which could have made the breach one of the potentially largest-ranging consumer information breaches in cyberspace history.
Barrett said Acxom estimated about ten percent of their customers were affected. Another company spokesman told the AP each client would probably have to review their Acxiom data to determine what if anything they should tell their affected customers.
The cracker used his Acxiom access to hack into passwords of other clients, Barrett added. But she did add that the actual identity theft risk is slim, because much of the information taken from the server was encrypted. "We view the risk of it at this point as very low," she told the AP. "We also were notified that data ... hasn't been accessed by any other parties or used for any other fraudulent purposes. I can say this about the data, much of it was nonsensitive information."
