Competitors in the data-marketing industry such as ChoicePoint Inc. and Lexis-Nexis aren't the only ones taking aim at Acxiom Corp. The database-management company's headquarters in Little Rock, Ark., has been hit by gunfire three separate times since November of last year--the result of being too close to a major highway rather than any specific animus, insists a company spokesperson.

And as one might expect, the company is a target for spammers gunning for the mailing-list mother lode. In July, the owner of a spam company called Snipermail, Scott Levine, of Boca Raton, Fla., was indicted for allegedly stealing 8.2 gigabytes of data valued at more than $7 million from Acxiom between April 2002 and August 2003, the largest theft of personal data to date, according to federal officials. Levine's involvement came to light during a separate investigation of an Ohio resident who also had accessed Acxiom's external FTP server illegally to steal data.

Acxiom executives acknowledge the hacking incidents were a wake-up call and that the company needed to be more vigilant in securing the petabytes of data under its stewardship. "We realized we had a gap and we moved very quickly to fill it," says Jerry Jones, business development and legal leader.

Late last year Acxiom created a chief security leader position and named Frank Caserta, previously a senior technical adviser in the database and data warehouse group, to the post. Caserta says his job is to make sure Acxiom has a centralized, strategic view of data-security issues and to champion best data-security practices within Acxiom and among its clients.

In response to the hacking incidents, Acxiom changed its password structures, and reduced the amount of time data resides on its FTP servers. Also, Acxiom has gotten religion about data encryption: About 75% of all data flowing between Acxiom and its clients is now encrypted, and Acxiom is leaning on its clients to make that 100%.