Lockheed keeps mum on reported data breach
Company grappling with massive internal network problems; RSA SecurID tokens involved, Reuters report says
Computerworld - The nation's No. 1 defense contractor, Lockheed Martin, today would neither confirm nor deny a Reuters story saying the company had experienced a major data breach.
A Lockheed spokesman, Jeffrey Adams, said today in a brief statement via email that the company did not, as a matter of policy, discuss specific threats or responses. "We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security," the statement noted.
Earlier, a Reuters story quoting unnamed sources within Lockheed had reported that the defense contractor was grappling with a major internal computer network problem that had affected a "lot of people."
The incident has forced Lockheed to reset passwords for employees and take other unspecified measures. Lockheed has notified the Pentagon about the problem, the report said.
Reuters quoted technology blogger Robert Cringley as saying the intrusion may have involved the use of RSA's SecurID tokens, which Lockheed Martin employees use when logging into their network from outside the company.
RSA, part of EMC, had earlier this year disclosed that intruders had broken into its networks and potentially compromised data involving its SecurID authentication technology.
The Reuters story does not say when exactly the alleged intrusion may have occurred. But it does note that Lockheed employees have been experiencing a network slowdown since last Sunday.
Targeted attacks keep coming
Lockheed, which manufactures the F-22 and F-35 fighter planes and other weapons systems, is only one in a growing list of high-profile organizations that have been hit this year by highly targeted attacks.
In April, Oak Ridge National Laboratory, home to one of the fastest supercomputers in the world, was forced to shut down its email systems and Internet access for several days following a breach.
The measures were implemented after officials discovered attempts by someone to steal technical data from the lab's systems and send it to an external system.
More recently, Sony's PlayStation Network and Sony Online Entertainment networks were forced offline for several days after intruders broke into them and compromised data belonging to as many as 100 million account holders.
In Sony's case, the motive for the attack appears to be tied to the company's hard-line stance on copyright enforcement and IP protection. But in several of the other cases, the motives for the attack appear to be espionage and data theft.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Michaels breach exposes nearly 3M payment cards
- Teen nabbed in Heartbleed attack against Canadian tax site
- Heartbleed bug can expose private server encryption keys
- FTC can sue companies hit with data breaches, court says
- 5-year-old hacks Xbox, now he's a Microsoft 'security researcher'
- State AGs probe Experian subsidiary's data breach
- NSA sniffing prompts Yahoo to encrypt traffic between its data centers
- Banks withdraw data breach claim against Target
- Bank abandons place in class-action suit against Target, Trustwave
- Banks' suit in Target breach a 'wake-up call' for companies hiring PCI auditors
Read more about Data Security in Computerworld's Data Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts