Privacy and Security Breaches at Acxiom: Case Study Chapter 4

Acxiom might be the most important organization that most of us have never heard of. They are the “world’s largest processor of consumer data, collecting and analyzing more than a billion records a day” (Bidgoli, 2012). Acxiom was founded in 1969, and its headquarters is located in Little Rock, Arkansas (About Acxiom, 2013). “Its customers include nine of the country’s top ten credit-card issuers, as well as nearly all the major retail banks, insurers, and automakers” (Behar, 2012).
Unfortunately, Acxiom has faced security breaches that led the company to make some important security changes and upgrades. In 2003, Daniel Bass, a 24-year-old computer-systems administrator, was found to have stolen the data of millions of individuals from Acxiom’s databases. He spent two years collecting this information and stored it on compact discs (Behar, 2004). He broke into their system by simply cracking passwords (Behar, 2004). Bass was not the only hacker to crack Acxiom, however.
While authorities were investigating Bass, they discovered an additional hacker group from Boca Raton, Florida, that had also cracked the passwords for the same server Bass had gotten into. While they accessed information for millions of people, it did not appear that either hacking incident resulted in the defrauding of any of the individuals whose data was stolen (Behar, 2012). Acxiom definitely needed to do something to beef up their security measures and protect their customers’ data.
They first hired a chief security officer, a position that had not existed until these incidents. The chief security officer instituted mandatory encryption and worked to prevent cybercrimes. Acxiom additionally began to conduct security audits (both internally and through outside firms) to test for weaknesses in security. As far as privacy is concerned, Acxiom is considered to have one of the most stringent privacy policies there are. You can read it here: http://www.acxiom.com/about-acxiom/privacy/.
They had a privacy officer long before they had a security officer. In terms of privacy, we are left questioning whether the government should have access to the information that is collected. I believe that the government should have only limited access. Acxiom was able to help the government with the investigation of the 9/11 terrorist attacks (Behar, 2004). The government should only be granted access to information relevant to important cases, not just have free rein to interpret all of the data any way they see fit.
Other organizations might also feel they need access to this private data for security reasons. While I do not see how this could ever happen, the possible organizations that might feel they need access to such information might be school districts, private security firms, real estate professionals (especially high-end), colleges and universities. While safety is an important issue at all of these places (and most others), having access to this sort of information does not guarantee safety, but in fact places unfair targets on many harmless individuals.
References

About Acxiom. (2013). Retrieved from Acxiom: http://www.acxiom.com/overview/

Behar, R. (2004, February 23). Never Heard Of Acxiom? Chances Are It’s Heard Of You. How a little-known Little Rock company–the world’s largest processor of consumer data–found itself at the center of a very big national security debate. Retrieved from CNN Money: http://money.cnn.com/magazines/fortune/fortune_archive/2004/02/23/362182/index.htm

Bidgoli, H. (2012). MIS2. Boston: Cengage Learning.