Lockheed keeps mum on reported data breach
Company grappling with massive internal network problems; RSA SecurID tokens involved, Reuters report says
Computerworld - The nation's No. 1 defense contractor, Lockheed Martin, today would neither confirm nor deny a Reuters story saying the company had experienced a major data breach.
A Lockheed spokesman, Jeffrey Adams, said today in a brief statement via email that the company did not, as a matter of policy, discuss specific threats or responses. "We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security," the statement noted.
Earlier, a Reuters story quoting unnamed sources within Lockheed had reported that the defense contractor was grappling with a major internal computer network problem that had affected a "lot of people."
The incident has forced Lockheed to reset passwords for employees and take other unspecified measures. Lockheed has notified the Pentagon about the problem, the report said.
Reuters quoted technology blogger Robert Cringley as saying the intrusion may have involved the use of RSA's SecurID tokens, which Lockheed Martin employees use when logging into their network from outside the company.
RSA, part of EMC, had earlier this year disclosed that intruders had broken into its networks and potentially compromised data involving its SecurID authentication technology.
The Reuters story does not say when exactly the alleged intrusion may have occurred. But it does note that Lockheed employees have been experiencing a network slowdown since last Sunday.
Targeted attacks keep coming
Lockheed, which manufactures the F-22 and F-35 fighter planes and other weapons systems, is only one in a growing list of high-profile organizations that have been hit this year by highly targeted attacks.
In April, Oak Ridge National Laboratory, home to one of the fastest supercomputers in the world, was forced to shut down its email systems and Internet access for several days following a breach.
The measures were implemented after officials discovered attempts by someone to steal technical data from the lab's systems and send it to an external system.
More recently, Sony's PlayStation Network and Sony Online Entertainment networks were forced offline for several days after intruders broke into them and compromised data belonging to as many as 100 million account holders.
In Sony's case, the motive for the attack appears to be tied to the company's hard-line stance on copyright enforcement and IP protection. But in several of the other cases, the motives for the attack appear to be espionage and data theft.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
Read more about Data Security in Computerworld's Data Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts