, The Associated Press 2003-08-15
An Ohio man accused of hacking into computer servers at Acxiom Corp., one of the largest database companies in the world, has been charged in federal court in his home state, federal officials said Friday.Daniel Baas, 24, of Milford, Ohio, was charged with computer fraud in U.S. District Court in Cincinnati.
The charge, filed Thursday, was accompanied by an affidavit from a Hamilton County sheriff's detective, who said Baas copied information from the Little Rock-based company's servers onto CDs, which were found in Baas' home.
Authorities said they didn't find evidence that Baas shared the information with others online, but said the violation caused Acxiom about $1.5 million in damage.
The affidavit also alleges that Baas claimed he had access to private phone databases from Cincinnati Bell, AT&T Mobile, Sprint PCS and Nextel, although the charge does not name the telephone companies as victims of the federal crime.
Friday, Acxiom spokesman Dale Ingram referred questions about the case to the court record. He would not comment further.
Besides the federal charge, Baas faces four Ohio charges of unauthorized use of property involving three companies, including Acxiom.
Baas has been in custody since he was arrested Aug. 1 on two charges that he stole information from his former employer, Market Intelligence Group. He was arrested again in June on a charge that he hacked into an unnamed company's database and stole information.
If convicted of the federal charge, Baas could face five years in prison and a fine of up to $250,000.
Baas was in the Hamilton County jail, but was expected to be transferred to federal custody sometime next week when a hearing will be set in the case, according to Fred Alverson, a spokesman for the U.S. Attorney's office in Columbus, Ohio.
In the affidavit, sheriff's detective Rick Sweeney said Baas bragged to Internet chat mates that "he had accessed Acxiom Corporation and had removed databases."
Sweeney said recovered chat conversations showed that Baas asked his chat mates if they would help him organize the Acxiom information in exchange for unrestricted access to the data.
But Sweeney said, "To date, detectives have not found any evidence that the data may have in fact been shared by Baas in these chat logs."
The detective said in the affidavit that he caught Baas after finding chat transcripts on the computer of another suspected hacker. In those logs, Baas told the hacker that he had access to the Cincinnati Bell database, Sweeney said.
That led Sweeney to file search warrants for Baas' residence and employer, Market Intelligence. Sweeney said he found CDs with information about Acxiom's clients and customers at Baas' home. The hack on Acxiom took place from Baas' home computer from Dec. 10, 2002, to around Jan. 2, 2003, the affidavit said.
Sweeney said he contacted Acxiom and informed the company of the breach after he found the CDs. Company representatives then traveled to Ohio, where they were given a copy of the stolen material so they could contact affected clients.
Jennifer Barrett, Acxiom's chief privacy officer, said the company did not know about the breach until it was contacted by Hamilton County authorities. She said about 10 percent of the company's customers were affected.
Acxiom analyzes consumer databases for a variety of companies, including several Fortune 500 firms.
Barrett said the company had contacted the companies involved. She emphasized that much of the information taken from the server was encrypted and that the risk of identity theft was slim.