On March 17, 2011, RSA (the maker of SecurID token hardware and software-based solutions) announced it had been the victim of “an extremely sophisticated cyber attack…” According to the announcement, information “related to RSA’s SecurID two-factor authentication products” was among the information compromised during the attack, though the company stated they did not believe the information would allow for a successful “direct attack” on SecurID customers and that personally identifiable information was not compromised. The company also encouraged SecurID customers to take certain steps to prevent potential attacks.
The lack of more specific details about the attack has sparked intense speculation in the security community about what specific information was compromised and the likelihood that such information could be used to compromise systems secured with SecurID products. The Department of Homeland Security is working with RSA to investigate the compromise.
