Lockheed says hackers used SecurID data

New York Times / June 4, 2011

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

Text size +

Lockheed Martin said yesterday that it had proof that hackers breached its network two weeks ago partly by using data stolen from a vendor that supplies coded security tokens to tens of millions of computer users.

Lockheed’s finding confirmed the fears of security experts about the safety of the SecurID tokens and heightened concerns that other companies or government agencies could be vulnerable to hacking attacks.

The electronic tokens, which are used to protect remote access to computer networks, are sold by the RSA Security Division of EMC Corp. EMC is based in Hopkinton, Mass.

RSA officials said yesterday that they accepted Lockheed’s findings and were working to offset the risks through other measures.

RSA disclosed in March that hackers had stolen data that could compromise a company’s SecurID system in a broader attack, and the breach of Lockheed, the nation’s largest defense contractor, is the first time that is known to have occurred.

RSA officials noted that Lockheed said it planned to continue using the SecurID tokens, and they said they believed other customers would as well.

But security experts said RSA’s reputation had most likely been seriously damaged, and many of its 25,000 customers, including Fortune 500 companies and government agencies around the world, could face difficult decisions about what to do next.