EMC’s Anti-Hacking Division Hacked

March 21, 2011

The anti-hacking unit of the world’s largest manufacturer of data storage computers has, itself, been hacked, according to a Securities and Exchange Commission filing by the company last Thursday. RSA, the security division of Hopkinton, Mass.-based EMC Corp., said in the filing that “a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products.” The RSA two-factor authentication device and technology generates an additional password that only the holder of the device would know. But if a criminal can figure out how those additional passwords are generated, the system is at risk. The breach is embarrassing for EMC’s security unit, which counts government, the military and many banks among its clients. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” the company said in the filing. To mitigate the effect of any such broader attack, RSA included in the filing a spate of recommendations for its clients including that they “increase their focus on security for social media applications and the use of those applications and Websites by anyone with access to their critical networks.”