March 2011

SecurID Suffers Security Breach

Blogs, Cyber Risks, Liabilities, Insurance and Litigation

The New York Times reported this week that the RSA Security division of the EMC Corporation suffered a “sophisticated data breach, potentially compromising computer security products widely used by corporations and governments.”

Many readers may be familiar with RSA’s electronic tokens, which generate time-based numbers to access corporate computer systems.

RSA reported that “there was currently no indication that the [improperly accessed] information had been used to attack its customers.”

One computer security specialist speculated that the attack on RSA could have involved the theft of a “master key” involving RSA’s encryption algorithm or, worse, could have allowed the thief to duplicate security tokens to improperly gain access to corporate networks.

RSA, however, has stated that it is “confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers.” RSA’s executive chairman, Art Coviello, stated in an “Open Letter to RSA Customers” that the stolen information “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”