RSA Security has confirmed reports that security tokens stolen from it in March 2011 were used in a cyber attack US defense contractor Lockheed Martin last month.
In an open letter published yesterday, RSA chairman Art Coviello said it has "confirm[ed] that information taken from RSA in March [was] used as an element of an attempted broader attack on Lockheed Martin".
Coviello denied that the SecurID token system had been fundamentally compromised, however. "It is important for customers to understand that the attack on Lockheed Martin does not reflect a new threat or vulnerability in RSA SecurID technology," he wrote.
The company nevertheless offered to replace customers’ existing SecurID tokens, which are used to add an extra authentication factor to IT systems.
Coviello implied that the attacks were politically or militarily motivated. "The fact that the only confirmed use to date of the extracted RSA product information involved a major U.S. defense contractor only reinforces our view on the motive of this attacker."
Lockheed Martin, one of the US government’s largest suppliers, said that no sensitive information was compromised in the attack.