The servers of RSA, the security division of information storage giant EMC, have been breached and sensitive information from more than 40 million employees may have been compromised.
The information at risk is the two-factor authentication tokens used by employees to access corporate and government networks.
The RSA authentication security system uses these tokens to create a time sensitive number for an employee to enter along with his or her password.
This additional security measure is important because it prevents attempts from hackers who may have uncovered an employee’s password. If the hackers were able to access information from a particular company, they might be able to generate the password for one of its tokens.
Says RSA Executive Chairman Art Coviello, “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
RSA’s system is currently used by approximately 25,000 organizations, including banks and the US military.
RSA contacted customers asking them to follow a number of cautionary practices. The company says it is examining the breach and is working with the authorities; there is no doubt more information will be announced shortly.