- THE MAGAZINE
- VERTICAL SECTORS
- Critical Infrastructure
- Stadiums/Arenas/Large Public Venues
- Supply Chain/Distributing and Warehousing
- Retail, Convenience Stores, Banks, Gas Stations
- Ports, Terminals and Transportation
- Construction, Real Estate, Property Management
- Healthcare/Hospitals/Pharma/ Medical Centers
- Government Data Center Security
- Casino Security
- Government (Federal, State and Local)
EMC, the world's biggest maker of data storage computers, said that its security division has been hacked.
EMC said in a filing with the Securities and Exchange Commission that its security division, RSA, was the victim of what is known as an "advanced persistent threat," industry jargon for a sophisticated computer attack.
An AP report says that EMC recently discovered an "extremely sophisticated" attack in progress against its networks and discovered that the infiltrators had made off with confidential data on RSA's SecurID products. The technology underpins the ubiquitous RSA-branded keychain "dongles" and other products that blanket important computer networks with an additional layer of protection.
The products make it harder for someone to break into a computer even if a password is stolen, for example. The RSA device, working in concert with back-end software, generates an additional password that only the holder of the device would know, the report says. But if a criminal can figure out how those additional passwords are generated, the system is at risk.
In its SEC filing, RSA said that it is "confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers." However, it warned that "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."
"We have no evidence that customer security related to other RSA products has been similarly impacted," said the company's executive chairman, Art Coviello. "We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident."
The company said it is providing "immediate remediation steps" for customers, but did not elaborate.