Acxiom database suffers hacker attack

News

Acxiom database suffers hacker attack

Data integration software provider Acxiom has confirmed that a computer hacker downloaded sensitive information about some of its clients' customers.

The company said that the unauthorised access occurred as information was being exchanged between Acxiom and some of its clients via a file transfer protocol (FTP) server. 

Law enforcement officials told Axciom that they did not believe any of the data was released to other parties or used for fraudulent purposes. Acxiom was unaware of the breach until it was contacted by an Ohio law enforcement agency last week.

The breach involved one FTP server outside the Acxiom firewall. No internal systems or internal databases were accessed, and there was no breach of the security firewall. 

The company said only a small percentage of its clients' data was involved in the incident, and the hacker, a former employee of an Acxiom client, was arrested. 

According to law enforcement officials, the person arrested was a known hacker, who had gained access to the information through the hacking of encrypted passwords. 

After learning of the breach, Acxiom immediately closed the security gap and changed all passwords on the FTP server involved. The company is now in the process of communicating with all clients who might, potentially, be affected. 

"Acxiom is proud of its long-standing commitment to the security of our systems and our efforts toward continuous improvements in that area, so we deeply regret this breach," said Acxiom company leader Charles Morgan. 

The company has begun a comprehensive review of its systems and procedures with the help of nationally renowned security experts. 

Linda Rosencrance writes for Computerworld


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy