Home & Office

RSA steps up token replacement

Following March breach and first related customer attack, vendor now extends SecurID replacement offer to organizations "focused on protecting intellectual property and corporate networks" to boost consumer confidence.
Written by Vivian Yeo, Contributor

Authentication expert RSA has pledged to extend the replacement program of its flagship authentication token to more customers, to ease worries about cyberattacks related to the theft of SecurID product information earlier this year.

In an open letter to customers dated Jun. 6, RSA Chairman Art Coviello said the EMC-owned security vendor will offer new tokens to "customers with concentrated user bases typically focused on protecting intellectual property (IP) and corporate networks". In addition, it will also "implement risk-based authentication strategies" such as monitoring and fraud detection services for consumer-facing organizations, particularly financial institutions.

In an interview with The Wall Street Journal, Coviello noted the measures would be extended to "virtually every customer we have".

RSA has to date issued about 40 million physical tokens worldwide.

The executive added in the letter that the stepped-up efforts were to enhance customer confidence in the wake of an attack on Lockheed Martin, its customer, as well as breaches suffered by the likes of Epsilon, Sony and Nintendo, which were not related to the RSA attack.

Elaborating on Lockheed Martin, Coviello said information stolen from RSA in March "had been used as an element of an attempted broader attack" on the U.S. government defense contractor. The thwarted Lockheed Martin attack "does not reflect a new threat or vulnerability" in the RSA SecurID technology though, he stressed, adding that the company remains "highly confident" in the product.

According to the Coviello, following the March breach, RSA had deduced the attackers were after data that "could be used to target defense secrets and related IP". The company therefore worked with clients in or partnering the defense sector to replace their SecurID tokens, and continues to do so, he said.

Attacks at two other U.S. defense contractors have also been linked to the stolen RSA data. Various security experts hinted at China's involvement in these incidents, ZDNet Asia's sister site CNET reported last week.

Editorial standards