Data integration software provider Acxiom has confirmed that a computer hacker downloaded sensitive information about some of its clients' customers.
The company said that the unauthorised access occurred as information was being exchanged between Acxiom and some of its clients via a file transfer protocol (FTP) server.
Law enforcement officials told Acxiom that they did not believe any of the data was released to other parties or used for fraudulent purposes. Acxiom was unaware of the breach until it was contacted by an Ohio law enforcement agency last week.
The breach involved one FTP server outside the Acxiom firewall. No internal systems or internal databases were accessed, and there was no breach of the security firewall.
The company said only a small percentage of its clients' data was involved in the incident, and the hacker, a former employee of an Acxiom client, was arrested.
According to law enforcement officials, the person arrested was a known hacker, who had gained access to the information through the hacking of encrypted passwords.
After learning of the breach, Acxiom immediately closed the security gap and changed all passwords on the FTP server involved. The company is now in the process of communicating with all clients who might potentially be affected.
"Acxiom is proud of its long-standing commitment to the security of our systems and our efforts toward continuous improvements in that area, so we deeply regret this breach," said Acxiom company leader Charles Morgan.
The company has begun a comprehensive review of its systems and procedures with the help of nationally renowned security experts.
Linda Rosencrance writes for Computerworld