The company believes some information was extracted from the products, called SecurID, during the attack.
The Hopkinton, Mass.-based company, which rated the attack an Advanced Persistent Threat, said it is investigating the issue and has contacted the appropriate authorities.
“Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day,” The company’s executive chairman Art Coviello. “We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening our IT infrastructure.”
Coviello said the company is confident that the information extracted does not enable a successful direct attack on any of its RSA SecurID customers, though he warned the information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
Other RSA and EMC products are not believed to have been targeted, nor were customer or employee personal information.
The company plans on providing SecurID customers the tools and support needed to strengthen the security of their IT systems, including RSA and EMC internal resources as well as engagement with its partner ecosystems in relevant partners.
SecurID offers a two-step authentication process that seeks to offer an additional layer of protection. Examples would include a password in addition to an authenticator that changes your password ever 60 seconds.