A Bedford security systems maker is scrambling to deal with an “advanced persistent threat” against some of its high-value computer systems. The company’s clients include Wells Fargo & Co. and the system is similar to those used by many Internet banks.
The Boston Globe reports the company revealed the attack on Thursday and said it involved its SecurID technology. The redundant security system is of a type popular with Internet banks; it uses two different passwords to gain access to a network. One password is memorized by the user, while the second is a random set of numbers that appears on a token — a small electronic device carried by a user.
Boston bank attorneys should always be consulted when establishing an Internet bank’s user service agreements. Banks dealing with a security breach should also work in tandem with a law firm to limit liability that could ultimately result from theft from customers, identity theft and other consequences of a security breach.
The SecureID uses random numbers that change every minute. The token, typically carried on a keychain, displays the number a user types into the system to gain access to the network. It is used by 40 million people at 30,000 organizations worldwide, including Wells Fargo & Co., Rolls Royce Motor Cars Ltd. and Lockheed Martin Corp.
A successful breach could allow access to customer information. Such a breach could also be used by hackers to establish back doors in to the system, which could grant them future access to token numbers and customer accounts. The company said in a filing with the Securities and Exchange Commission that it does not believe employee or customer information was accessed.
The Boston business attorneys at The Brown Law Firm, LLC, represent businesses and banks in employment issues, contract matters, and business disputes. For a no-cost, confidential consultation, call (617) 489-0817 or contact us through this website.