Navigate Up
Sign In

Security Breach involving RSA SecurID Tokens

NCUA RISK ALERT
 

NATIONAL CREDIT UNION ADMINISTRATION
1775 Duke Street, Alexandria, VA  22314

 
 
DATE:

August 2011

​Risk Alert No: ​11-Risk-01
TO:

Federally Insured Credit Unions

SUBJ:

Security Breach involving RSA SecurID Tokens

ENCL:

(1) NSA Advisory IAR-002-2011
(2) NSA Advisory IAA-003-2011


 
Dear Board of Directors:
 
The National Security Agency (NSA) issued the two enclosed advisories regarding risks presented by RSA SecurID tokens, products of EMC Corp. that were intended as second levels of defense against computer hacking.  A recent security breach at RSA may significantly raise the risk exposure of credit unions that rely on such anti-hacking programs. 
 
The advisories recommend that SecurID tokens issued prior to April 2011 be replaced and that additional steps be taken to safeguard the servers that support the RSA authentication process.  
 
The SecurID token generates a one-time passcode as a second form of authentication for users to access online and network systems.  This authentication process might have been compromised during a security breach disclosed by RSA on March 18, 2011.  The risk of relying on the tokens issued prior to April 2011 as a second form of authentication is greater than originally assessed. 
 
Impacted credit unions should review the enclosed advisories and follow the instructions to replace the SecurID tokens, as necessary.  Credit unions should take steps addressed in the advisories to improve the controls over the RSA authentication process.
 
If you have any questions or concerns, please contact your NCUA Regional Office or State Supervisory Authority.
                                                                        Sincerely,     
                  
                                                                           /s/
 
                                                                        Debbie Matz
                                                                        Chairman
 
 
Enclosures