RSA has offered to replace certain users' SecurID tokens following significant attacks on the security firm in March.
The company also admitted yesterday the SecurID data taken during the breaches had been used in an attack on US defence supplier Lockheed Martin.
"On Thursday 2 June 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major US government defence contractor," said Art Coviello, executive chairman of RSA, in an open letter.
"We recognise that the increasing frequency and sophistication of cyber attacks generally, and the recent announcements by Lockheed Martin, may reduce some customers' overall risk tolerance."
RSA offered token replacement to those customers "with concentrated user bases typically focused on protecting intellectual property and corporate networks."
"We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users," Coviello said.
For anyone who thought tokens might be on their way out as a two-factor authentication mechanism, RSA appeared to disagree.
"We will continue to invest heavily in both our SecurID and our risk-based authentication technologies," Coviello added.
"We believe that SecurID is the most powerful multi-factor authentication solution in the industry."
Lockheed lament
RSA's confirmation of the information used in the attempt on Lockheed came after much speculation duplicates of the SecurID tokens were used in the attack.
Rick Moy, president and chief executive (CEO) of NSS Labs, claimed Lockheed had long enough to change its tokens following the strike on RSA.
"Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach," Moy said in a blog post.
"Based upon their remediation actions for this breach, Lockheed Martin's senior executives chose to do very little about the compromised SecurID token technology in spite of many warnings issued by security specialists about the potential aftereffects of the RSA attack."
At the time of publication, Lockheed had not offered IT PRO a response to Moy's criticisms.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systemsNews Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research headThere's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on new hacking tacticsFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for SecurityNews Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
