RSA gets hacked, writes letter to customers

The not so secure security company

You know it’s bad when a security company gets hacked, but when a company like RSA gets hacked, then it’s really bad. RSA is a division of EMC2 and it’s possibly the most prolific computer security company in the world, in no small part thanks to its SecurID key fobs which millions of people use on a daily basis to access various corporate and government networks.

The breach of RSA is a serious incident and the company has written an open letter to all of its customers to apologize. RSA claims that it has taken “a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure”. This is all good news, but considering the kind of information that RSA is helping to protect globally, you would have thought these steps would already have been taken to prevent the kind of breach that took place.

The letter goes on to say “Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products”. That’s extremely serious. Although RSA claims that this information on its own doesn’t allow for a direct breach of its SecurID system, it says that the information might reduce the effectiveness of “a current two-factor authentication implementation” if one of its customers gets attacked.

As to what the exact outcome of the security breach is, well, we’re most likely not going to find that out. In the letter, though, RSA apologizes profoundly to its customers and promises to do its absolute best to make sure that this type of breach never happens again, and says that it will co-operate with “the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat.”

Still, as an extra security measure, RSA advises its customers to “strengthen their SecurID implementations”, whatever that implies. This breach of security is likely to have long-term ramifications in the computer security industry, and the more paranoid companies and government agencies are likely to add additional layers of security to their systems. One thing is quite clear from this, though: there is no such thing as a secure computer security system. But that isn’t news.
