Hi Jarrod,
All the ACL information should be stored in the security files, and replicated across your environment to each hub. The security.cfg file in the $nimroot\hub directory should have the references to all your ACLs. If this file gets corrupted or deleted in some fashion, you will be asked to "Re-initialize" security on your hub, and a new set of security files will be created (with blank/standard ACLs). It sounds like this may be happening in your environment; Does the "reinitialize security" message seem familiar?
What does your hub architecture look like? (Tunnels, secondary/failover hubs?)
There should be a backup of the security file (security.bak), but it may be wise to keep an "off-site" backup of this file, as the backup is overwritten each time you make a change to your security (users,acls,etc).
Best Regards,
Ryan