A hacking at Acxiom Corp. exposed 10% of its clientele, including its largest customers, the Little Rock company said Friday.
Acxiom, which provides customer and information management services to financial services companies and other firms, said this was the first such breach it has experienced. The hacker, a former employee of one of its customers, accessed Acxiom's servers to get the encrypted passwords of other clients, the data company said.
Its clients include 14 of the top 15 credit card companies, five of the top six retail banks, International Business Machines Corp., Microsoft Corp., and the federal government.
Dale Ingram, an Acxiom spokesman, said in a phone interview that it is contacting all its potentially affected customers. "Each client will have to assess the information and decide what they may want and be obligated to do, which will vary greatly from one client to the next."
A suspect was arrested in Cincinnati, and none of the accessed data has been exposed beyond the hacker, so there is little risk of further fraud, Acxiom said.
The company said it knew exactly what information had been filched, which it described as largely nonsensitive and a small percentage of client data. It said that according to law enforcement, several other companies' databases were also hacked.
"Acxiom immediately took action to remove this exposure and hanged all passwords on the FTP server involved," it said.
Citing a practice of conducting extensive internal and external audits on a regular basis, Charles D. Morgan, an Acxiom executive, said it has "begun a comprehensive review of our systems and procedures" to prevent future breaches.
