updated 11:20 am EDT, Fri March 18, 2011
RSA hacked, SecurID clients may be vulnerable
RSA, the security division of EMC and maker of SecurID systems used by many large corporations, has just admitted that its security systems were hacked. The company assures everyone that it has taken aggressive measures against the "extremely sophisticated" cyber attack along with an extensive investigation of the attack. It claimed the attack was an Advanced Persistent Threat (APT) that would have been difficult to stop.
The attack was successful, however, as RSA said the unnamed attackers extracted information related to the company's SecurID two-factor authentication products. The stolen data cannot be used for a direct attack on SecurID products, it argued, but could be used as part of a broader attack. No personally identifiable information was taken, the RSA assured users.
The RSA is in talks with affected customers on preventative steps but didn't say what those would entail or how soon they would be in place.