RSA offers token replacement after Lockheed attacks
SecurID token replacement has been reserved for customers "focused on protecting intellectual property and corporate networks."


RSA has offered to replace certain users' SecurID tokens following significant attacks on the security firm in March.
The company also admitted yesterday the SecurID data taken during the breaches had been used in an attack on US defence supplier Lockheed Martin.
"On Thursday 2 June 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major US government defence contractor," said Art Coviello, executive chairman of RSA, in an open letter.
"We recognise that the increasing frequency and sophistication of cyber attacks generally, and the recent announcements by Lockheed Martin, may reduce some customers' overall risk tolerance."
RSA offered token replacement to those customers "with concentrated user bases typically focused on protecting intellectual property and corporate networks."
"We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users," Coviello said.
For anyone who thought tokens might be on their way out as a two-factor authentication mechanism, RSA appeared to disagree.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"We will continue to invest heavily in both our SecurID and our risk-based authentication technologies," Coviello added.
"We believe that SecurID is the most powerful multi-factor authentication solution in the industry."
Lockheed lament
RSA's confirmation of the information used in the attempt on Lockheed came after much speculation duplicates of the SecurID tokens were used in the attack.
Rick Moy, president and chief executive (CEO) of NSS Labs, claimed Lockheed had long enough to change its tokens following the strike on RSA.
"Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach," Moy said in a blog post.
"Based upon their remediation actions for this breach, Lockheed Martin's senior executives chose to do very little about the compromised SecurID token technology in spite of many warnings issued by security specialists about the potential aftereffects of the RSA attack."
At the time of publication, Lockheed had not offered IT PRO a response to Moy's criticisms.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Cloudflare is cracking down on AI web scrapers
News Cloudflare CEO Matthew Prince said AI companies have been "scraping content without limits" - now the company is cracking down.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
RSAC in focus: Key takeaways for CISOs
The RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and security
Experts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurity
AI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurity
Experts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025
As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate security
Organizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionals
Analysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever