What did the RSA breach end up costing EMC?

RSA, the security division of EMC Corporation, has suffered a breach of its networks and the loss of critical data back in March.

An initial refusal of sharing details of the breach and the goal of the attackers with the public ultimately resulted in wide-spread speculation about the matter.

At the time, EMC said that it didn’t expect the company to suffer any financial repercussions following the breach, and I wasn’t the only one who was skeptical on that point.

As it turns out, EMC’s statement was an attempt to put on a brave face and reassure customers and investors alike.

In its earnings call for the second quarter of the running year, the company has revealed that it has spent $66 millions for investigating the attack, hardening their systems and working with customers (transaction monitoring, SecurID token replacements) to implement their remediation programs.

The company has also said that it believes that the breach was executed with the intention of harvesting information that would allow further attacks against defense and government agencies, but there was no comment on whether the attack against Lockheed Martin was carried out by using stolen data from the RSA breach.

Ultimately, the reported sum indicates only the direct losses suffered by the company because of the breach. Who knows what the final cost of loss of reputation will be? And will RSA be able to repair the broken trust?