RSA, the security division of EMC, is to replace some of its 40 million SecurID tokens following the hacking attack disclosed in March.
RSA issued a letter to customers, acknowledging for the first time intruders had launched a cyber attack at Lockheed Martin using data stolen from RSA.
The move comes just days after Lockheed Martin said it had proof hackers breached its network using data stolen from RSA. Lockheed Martin said the stolen data compromised RSA SecurID tokens protecting remote access to its computer networks.
However, RSA executive chairman Art Coviello said some customers may not need to replace their SecureID tokens because of their specific security needs, according to the Wall Street Journal.
Art Coviello said RSA had concluded, from a forensic analysis of the cyber attack on its systems, that its defence customers were likely targets.
Shortly after reaching this conclusion, RSA began working with its government and military-contractor customers, and offered to replace all their SecurID tokens, Coviello claims.
At the time of the RSA breach, Coviello said the data extracted did not enable a successful direct attack, but did not exclude the possibility that the data could be used as part of a broader attack.
With the Lockheed attack proving it possible to hack a third-party using data taken from RSA, Coviello admitted there could be further attacks while tokens are being replaced.
He emphasised that the Lockheed attack is the only confirmed attack using the stolen data, but added that RSA is working with other companies that suspect they were similarly targeted.
RSA said Lockheed planned to continue using the SecurID tokens, but security experts believe RSA's reputation has been damaged. Many of RSA's 25,000 customers could face difficult decisions about what to do next, according to the New York Times.
Lockheed announced it is replacing 45,000 SecurID tokens held by remote workers. Lockheed says it is adding a further step to the sign-on process and all users will change their passwords.
RSA has been reluctant to specify what data was stolen in March, but the time has come to say exactly what was stolen and give clear guidance to customers on what they should do, says Mikko Hypponen, chief research officer at F-Secure.
All users of RSA SecurID tokens should assume the worst and consider replacing them, Mikko Hypponen advises.