EMC, the outfit which makes data storage, has admitted that its security division, RSA, has been hacked.
For those who came in late, EMC touts itself as a top security vendor and its boxes protect highly sensitive computer systems. It uses RSA technology in its server packages.
The outfit said that the hackers compromised the widely used RSA technology for preventing computer break-ins.
RSA protects heavily guarded networks by making sure that the great unwashed cannot enter without proving who they are.
Its customers include the military, governments, various banks and medical facilities and health insurance outfits.
EMC said in a filing with the Securities and Exchange Commission that RSA was the victim a sophisticated hack.
It might have been carried out by another country or cybercriminal gang with money to burn.
It would appear that the target of the raid was data on RSA’s SecurID products. This underpins the RSA-branded keychain “dongles” and other products that blanket important computer networks with an additional layer of protection.
The are designed to make it hard to break into a computer even if the password is stolen.
If a criminal can figure out how those additional passwords are generated, the system is at risk.
RSA said that it is “confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers”.
But it did admit that the information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
The company said it is providing “immediate remediation steps” for customers. That means it is fixing the problem as fast as it can.