This brings back memories of that Alanis Morrisette song “Ironic”. A security firm being hacked is akin to the fire department burning down. It’s simply something you wouldn’t expect to happen.
Now that it has, it is all about how big of a breach it was. As of today, that is not clear at all. The CEO’s open letter, was rather vague and didn’t give the details. I have seen a few blog entries from Mark Diodati that speculate as to what might have happened. It is an interesting read, but conjecture for the moment.
There are hundreds of the largest companies in the world using RSA’s SecurID product to provide two factor authentication into corporate networks. The ripple effect here could be huge. I know that many of Optimal IdM's customers utilize SecurID for their two factor authentication needs.
The question in my opinion is how will RSA handle this in the next few days/weeks? Will they handle this like the Tylenol scare of 1982 where Johnson & Johnson did by most accounts an excellent job of handling a recall, or will this be a ValueJet disaster? In my opinion, right now no news is bad news. RSA needs to hit this head on with what happened and what the level of risk/exposure is there for customers.
SearchSecurity quotes sources that say they believe the hack is limited. Again, this is simply conjecture at the moment. Let the FUD begin from RSA's competitors...