Acxiom database hacked

Acxiom Corp. confirmed that a computer hacker downloaded sensitive information about some of its clients’ customers.

In a statement, Acxiom, a provider of data integration software based in Little Rock, Ark., said that the unauthorized access occurred as information was being exchanged between Acxiom and some of its clients via a file transfer protocol (FTP) server.

Acxiom said law enforcement officials notified the company that they don’t believe any of the data was released to other parties or used for fraudulent purposes. Acxiom said it didn’t know about the breach until it was contacted by an Ohio law enforcement agency last week. The company said it is continuing to cooperate with law enforcement officials.

The breach involved one FTP server outside the Acxiom firewall, the company said. No internal systems or internal databases were accessed, and there was no breach of the security firewall.

The company said only a small percentage of its clients’ data was involved in the incident, and the hacker, a former employee of an Acxiom client, was arrested.

According to law enforcement officials, the person arrested was a known sophisticated hacker. Acxiom said the person apparently gained access through the hacking of encrypted passwords.

After learning of the breach, Acxiom immediately moved to close the security gap and changed all passwords on the FTP server involved. The company is now in the process of communicating with all clients who might be potentially affected.

“Acxiom is proud of its long-standing commitment to the security of our systems and our efforts toward continuous improvements in that area, so we deeply regret this breach,” said Acxiom Company Leader Charles Morgan in the statement.

Morgan said the company has begun a comprehensive review of its systems and procedures with the help of nationally renowned security experts to guard against similar incidents in the future.

No additional information about the incident was immediately available.