RSA suffered a security breach that weakened the security of its SecurID token. Lockheed Martin was attacked, possibly by someone exploiting the RSA penetration. Many companies (and many government agencies) have long relied on Secur ID tokens. Without details about the problem, though, it is unclear how they should protect themselves. The really interesting question is what proper response is. Should companies be required to disclose problems that could adversely affect their customers? Are companies that do not make such disclosures civilly liable if harm could be prevented by timely disclosure?”]
Source: https://www.cs.columbia.edu/~smb/blog//2011-05/2011-05-28.html