RSA said information taken from it in a security breach in March has been used to attack defense contractor Lockheed Martin.
That attack was thwarted, RSA said, but the company has now offered to replace millions of its SecurID tokens used primarily by its customers protecting intellectual property and corporate assets.
As for the end users at the credit unions, banks and other e-commerce sites that use RSA online security services, the company offered “to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting Web-based financial transactions.”
The offers came Monday from Art Coviello, executive chairman of RSA, the Bedford, Mass.-based security arm of EMC.
“We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users,” Coviello said in a letter published on the company’s website.
When the attack was reported in March, Coviello described it as “extremely sophisticated” and targeted at the company’s widely used two-factor authentication services.
It was one of a series of highly publicized attacks against various sites, including Epsilon, Sony and Michaels. The NCUA soon after issued its own alert to credit unions.
