RSA, whose SecurID identity tokens are used by some 80% of U.S. banks, was hacked in March 2011.  An analyst, who likens RSA to "Fort Knox," said "if RSA can get hacked, anybody can get hacked."   All told, an impressive line-up of global corporations, organizations and government offices reported cyber attacks in recent months.  Here are their stories. 

So that's today's take away - especially in financial services - you've got to be pro-active, ahead of the curve, 24/7.   Hackers may be at your gateway.

June 2010, AT&T.  Daniel Spitler broke into AT&T's servers and stole the email addresses and personal information of some 120,000 iPad users.  He pled guilty in June to identity theft and conspiracy to gain unauthorized access to computers - he can get up to five years in prison for each charge.

2/8-3/6/11, Michaels Stores.  Texas-based retailer Michaels announced these hits on 5/4/11, in which thieves compromised PIN-keypads at registers to steal credit card data.  They used a novel method to sort stolen credit card numbers by bank in order to attack one specific bank at a time, something that hadn't been done before.  This may have allowed the thieves to steal more money from each individual bank before additonal security measures were enacted.  Michaels was forced to replace at least 7,200 keypads at enormous cost.

March 2011, RSA Security.  RSA, the largest producer of SecurID identity tokens - used by an estimated 80% of U.S. banks - which employees use to access company computer systems.  About 40 million tokens were in use when their data was breached.  Redistribution of new tokens may cost banks between $50mn and $100mn.  One analyst likens RSA to "Fort Knox" and, "if RSA can get hacked, anybody can get hacked."

Late March 2011, Alliance Data Systems.  Hackers accessed the IT system of Epsilon Data Management, an Alliance subsidiary.  EDM is handles some 40 billion emails for 2,500 corporations and organizations - including financial giants JPMorgan Chase, Citigroup, Capital One, TD Ameritrade.  EDM said "only 2% of its 2,500+ clients were affected."  TD Ameritrade stopped using Epsilon after the breach.

4/20/11, 5/2/11, Sony.   Hackers accessed Sony's PlayStation Network and stole personal data for 77 million account, prompting Sony to shut down the network.  The second attack, against Sony's PC-game service, resulted in stolen data for 24.6 million accounts.  Sony shut down this service to prevent further intrusions. 

5/10/11, Citigroup.  Citi reported on 6/9/11 that a credit card data breach affected about 200,000 accounts - or 1% of its 21mn North American card customers.  The company initially announced it would send replacement cards to 100,000 of those customers, at a cost of $20 apiece.  The number of affected customers grew to 218,000 and, after a month of analysis, finalized at 360,000 customers.  All customers were notified, and Citi pledged to repay the $2.7 million stolen from customers.  Government investigations continue.

5/21/11, Lockheed Martin.  Lockheed battled network disruptions in mid-May, caused by hackers using SecurID data stolen in the March breach of RSA.  Lockheed was forced to replace around 45,000 SecurID tokens.

Late May 2011, Google.  Google blamed China for a May phishing attack targeted at the email accounts of government and military personnel.  Google's servers were not breached;  instead, users were tricked into willingly giving data by being linked from emails to fake log-in screens.

Early June 2011, International Monetary Fund. An IMF computer system was breached and numerous emails stolen by hackers utilizing login data gleaned from coordinated phishing attacks.  The attack may have been a politically motivated operation by hacker group Anonymous, who protested the IMF's approval of $40bn in loans to Greece.