RSA Breach Costs Parent EMC $66.3 Million

Money Spent Probing Hack, Bolstering Systems, Aiding Customers

By , August 1, 2011.
RSA Breach Costs Parent EMC $66.3 Million

T

See Also: Advances in Application Security: Run-time Application Self Protection

he damage caused by March's breach of security provider RSA (see RSA Says Hackers Take Aim At Its SecurID Products), aimed at its SecurID multifactor authentication token, did more than tarnish its reputation; it cost parent company EMC at least $66.3 million.

EMC Executive Vice President and Chief Financial Officer David Goulden, in a conference call with analysts last month, said the $66.3 million, taken as a charge against second quarter earnings, covered costs to investigate the attack, harden its IT systems and monitor transactions of corporate customers anxious that their SecureID security tokens had been compromised as well as the cost to replace some of the tokens.

In the call, Goulden said the company's investigation of the breach suggests the attackers sought information on its government and military accounts, and not financial data.

"The suspicion that our attacker was targeting the defense sector was reinforced in June when Lockheed Martin disclosed an unsuccessful attack on its systems that utilized, among other elements, information taken in the attack on RSA," Goulden said. "Lockheed Martin had implemented many security measures, including our best practices, and successfully detected and thwarted this attack. Subsequently, they accelerated their plans for token replacements to complete their SecurID remediation." (see Lockheed Attack Linked to RSA?)

New reports surrounding RSA's March breach, as well as digital assaults on other companies - Goulden specifically noted hacks on Google, Sony, Epsilon, the Australian government and PBS - have raised jitters among RSA customers. "The publicity resulted in many customers' risk tolerance going down whilst their level of awareness and concern went up," he said.

Despite the breach and customer anxiety, revenue for SecurID and RSA's security business grew in the second quarter by 13 percent from a year earlier, that's up from the 8 percent year-to-year growth rate posted in the first quarter.

Goulden suggested RSA's quick reaction to the breach that unnerved some customers was well received by them. He said RSA began to notify customers within hours after the company determined its systems had been breached. "Importantly, customers continue to tell us that they understand what happened, are comfortable with our communication and appreciate how we are working with them to ensure their SecurID environments are effective," he said.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Cyberthreat Info Sharing App Unveiled

FS-ISAC has teamed up with the Depository Trust and Clearing Corp. to offer software designed to...

Latest Tweets and Mentions

ARTICLE Cyberthreat Info Sharing App Unveiled

FS-ISAC has teamed up with the Depository Trust and Clearing Corp. to offer software designed to...

The ISMG Network