RSA Breach Costs Parent EMC $66.3 Million

Money Spent Probing Hack, Bolstering Systems, Aiding Customers
RSA Breach Costs Parent EMC $66.3 Million
The damage caused by March's breach of security provider RSA (see RSA Says Hackers Take Aim At Its SecurID Products), aimed at its SecurID multifactor authentication token, did more than tarnish its reputation; it cost parent company EMC at least $66.3 million.

EMC Executive Vice President and Chief Financial Officer David Goulden, in a conference call with analysts last month, said the $66.3 million, taken as a charge against second quarter earnings, covered costs to investigate the attack, harden its IT systems and monitor transactions of corporate customers anxious that their SecureID security tokens had been compromised as well as the cost to replace some of the tokens.

In the call, Goulden said the company's investigation of the breach suggests the attackers sought information on its government and military accounts, and not financial data.

"The suspicion that our attacker was targeting the defense sector was reinforced in June when Lockheed Martin disclosed an unsuccessful attack on its systems that utilized, among other elements, information taken in the attack on RSA," Goulden said. "Lockheed Martin had implemented many security measures, including our best practices, and successfully detected and thwarted this attack. Subsequently, they accelerated their plans for token replacements to complete their SecurID remediation." (see Lockheed Attack Linked to RSA?)

New reports surrounding RSA's March breach, as well as digital assaults on other companies - Goulden specifically noted hacks on Google, Sony, Epsilon, the Australian government and PBS - have raised jitters among RSA customers. "The publicity resulted in many customers' risk tolerance going down whilst their level of awareness and concern went up," he said.

Despite the breach and customer anxiety, revenue for SecurID and RSA's security business grew in the second quarter by 13 percent from a year earlier, that's up from the 8 percent year-to-year growth rate posted in the first quarter.

Goulden suggested RSA's quick reaction to the breach that unnerved some customers was well received by them. He said RSA began to notify customers within hours after the company determined its systems had been breached. "Importantly, customers continue to tell us that they understand what happened, are comfortable with our communication and appreciate how we are working with them to ensure their SecurID environments are effective," he said.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.