The disclosure sent shock waves across the security community because the SecurID product, widely regarded as a security best practice, had long been the product of choice for many Fortune 500 enterprises. Shortly after the RSA breach, several defense contractors, including Lockheed Martin, disclosed that they had experienced cyber attacks on their networks. At least one of these attacks was reported to have used spoofed passcodes from a cloned RSA SecurID token.
The consequences of this attack were potentially highly damaging for both RSA and the customers of its security authentication product. Fortunately, RSA acted quickly to contain the damage, immediately informing customers and advising them to take action to strengthen their SecurID implementations. EMC reported that it had spent at least $66 million on remediation. According to RSA executives, no customer networks were breached, although the breach eventually affected over 700 organizations and was estimated by a Gartner analyst to have cost the banking industry $50-100 million in replacement costs for new tokens.