RSA is reporting today in an open letter to their customers that they have detected an extremely sophisticated attack on their systems and that some information related to their SecurID two-factor authentication systems has been extracted:

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.

Rich Mogull over at Securosis has additional commentary.

What’s interesting is that this is no random drive-by attack, but rather a targeted assault on a major security vendor.  This is a big deal, of course, because so many organizations rely on RSA’s SecurID systems for authentication.  We currently don’t know the vector of the attaack, what information was lost, or exactly how this will affect SecurID users.  One thing is for sure, if you have a SecurID token from a bank or some other provider, you will want to contact them for guidance.

This is one evolving situation we’ll be watching over the next several days and weeks.

Tags: data breach, RSA SecurID, threats

This entry was posted on Friday, March 18th, 2011 at 1:40 pm and is filed under Security Blog Beat. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.