EMC Corp.'s RSA security division said it has experienced "an extremely sophisticated cyber attack" on its SecurID products, used by more than 25,000 customers world-wide to protect access to private data.
RSA said it is confident that the information extracted won't enable a successful direct attack on any of its customers; however, the information could be used to reduce the effectiveness of the SecurID's authentication process "as part of a broader attack."
"We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations," RSA Executive Chairman Art Coviello wrote in an open letter to RSA customers on the company's web site.
Coviello added that as a result of the attack, which he categorized as an "advanced persistent threat," RSA has hardened its tech infrastructure. The company also has begun an investigation into the attack and is working with the appropriate authorities, he said.
"We strongly urge immediate customer attention to this advisory," EMC said in a filing with the Securities and Exchange Commission. The Hopkinton, Mass., company added in the filing that it doesn't believe the matter will have a material impact on its financial results.
RSA's SecurID offers a two-step authentication process based on something you know, such as a password, and something you have, such as a token with a six-digit code that changes every 60 seconds. The company says that combination offers more protection than just a static password.
EMC bought RSA Security for $2.1 billion in 2006.
