CBA mulls RSA tokens post Lockheed

Summary: The Commonwealth Bank of Australia (CBA) will continue to use its fleet of RSA SecurID tokens, despite a recent security breach that saw compromised tokens used in an attack on US defence contractor Lockheed Martin.

Commonwealth Bank of Australia has clarified that although it was keeping the tokens for now, it would be reviewing the situation, which could result in a replacement of tokens in the future.

The Commonwealth Bank of Australia (CBA) will continue to use its fleet of SecurID tokens as it works through discussions with RSA, following a recent security breach that saw compromised tokens used in an attack on US defence contractor Lockheed Martin.


The bank told ZDNet Australia today that it has implemented "an additional layer of security" as discussions progress.

"As a security measure, we've put in additional security, and we continue to talk to RSA since [the breach]," it said.

While the bank declined to go into more detail around the extra layer of security that it had implemented, it said that it continues to monitor all secure systems for potential breaches around the clock.

"The tokens are only one part of a multi-layered security process," the bank said.

RSA executive chairman Art Coviello reportedly admitted yesterday that the company will replace SecurID tokens "for virtually every customer we have".

ZDNet Australia contacted other banks for an update on their RSA SecurID procedures, including ANZ Bank and HSBC; however, neither had offered a response at the time of publication.

RSA revealed in April that the SecurID token system had been put at risk after a staff member inadvertently ran an Excel document that took advantage of an Adobe Flash vulnerability, installing a backdoor into the company's system. From there, hackers launched an "extremely sophisticated cyber attack", according to RSA, where information was extracted from the company's systems.

RSA said yesterday that it is set to expand the replacement and remediation program for its customers, citing an increasingly unsteady security landscape.

"An unprecedented wave of cyber attacks against varied and high-profile targets such as Epsilon, Sony, Google, PBS and Nintendo have commanded widespread public attention. These attacks are totally unrelated to the breach at RSA, but point to a changing threat landscape and have heightened public awareness and customer concern," Coviello said yesterday in an open letter.

Topics: Security, Banking

About

A fresh recruit onto the tech journalism battlefield, Luke Hopewell is eager to see some action. After a tour of duty in the belly of the Telstra beast, he is keen to report big stories on the enterprise beat. Drawing on past experience in radio, print and magazine, he plans to ask all the tough questions you want answered.
