For any company that makes its living selling security, it's a nightmare come true. This week, RSA Security admitted that hackers who broke into its network three months ago had stolen information about its SecurID tokens and then used that information to attack a customer, Lockheed Martin.
RSA seems to think the vast majority of its customers aren't directly threatened by the hacking incident, but the company's reputation has taken a hit. And users and pundits alike have blasted RSA for not being clear about exactly what was taken, and how it could affect them.
Calls for more disclosure about the March hacking incident only got louder this week, after Lockheed Martin confirmed that it was reissuing RSA tokens company-wide in response to the attack, and after RSA began offering to replace tokens for any customers who asked.
By not disclosing what happened, RSA is making it hard for customers to understand the risks they face and make informed decisions, said Thierry Zoller, practice lead for Verizon Business Luxembourg. "It's time for them to come clean," he said. "By not coming clean they are creating more fear, uncertainty and doubt than necessary."