Cost of a Breach: RSA $66M, So Far

Tuesday, August 2, 2011 @ 11:08 AM gHale

When making a business case for a security plan, it is hard to compare the cost of implementing the plan with the actual cost of a breach. But now just take a look at what happened to RSA Security.

That data breach resulted in the theft of information related to its SecurID authentication product, and it has cost RSA Security and its parent company EMC $66 million to date.

“We incurred an accrued cost associated with investigating the attack, hardening our systems and working with customers to implement our remediation programs,” EMC’s executive vice president David Goulden said during an earnings call.

The costs included expenses associated with monitoring the networks of customers concerned over the integrity of the product after the breach.

The intrusion occurred in March and was the result of a spear-phishing attack against RSA employees that exploited a zero-day Flash Player vulnerability.

The company was very vague following the breach, saying only that information regarding its SecurID product was a target but that its customers were not at risk.

SecurID is a two-factor authentication solution consisting of a hardware token that generates unique one-time-use codes. Estimates show there are over 40 million SecurID tokens in existence, used by thousands of companies, organizations and government agencies around the world.

In May, a cyber attack against Lockheed Martin involved cloned SecurID devices.

Following the attack and the revelation that other military contractors might also have been targets as a result of its data breach, RSA Security offered to replace all SecurID tokens for concerned customers.

It’s not clear how many customers have requested replacements so far or how many requests RSA has honored.