Security Firm Offers to Replace Tokens After Attack

RSASecurity on Monday offered to replace its SecurID tokens for most of its 40 million users as it tries to regain customer confidence after prominent hacking attacks.

Arthur W. Coviello, the company’s executive chairman, made the offer in a letter posted on the company’s Web site. Most Fortune 500 companies and government agencies supply the electronic tokens to employees who need access to computer networks from customer offices, hotels or homes. The tokens generate random numbers for use in remote log-ins.

The move came three days after Lockheed Martin , the nation’s largest military contractor, confirmed that hackers had breached its network in May, partly by using data stolen from RSA in a separate hacking attack in March.

Lockheed’s was the first intrusion that was known to result from the hacking at RSA, a division of the EMC Corporation . RSA said in March that the hackers had stolen data that could compromise a company’s SecurID system in a broader attack.

Mr. Coviello said in the letter that characteristics of the attack on RSA “indicated that the perpetrator’s most likely motive” was to steal security information that could be used to obtain military secrets and intellectual property. He said RSA had worked with military companies to replace their tokens “on an accelerated timetable.”

He said RSA was expanding the offer to other companies, particularly those focused on protecting intellectual property and their corporate networks.