How did the hackers get in?
RSA is describing the attack as an advanced persistent threat, but isn't detailing what happened.
When will they?
It's not clear that they ever intend to: "As appropriate, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cybersecurity threat."
How did RSA react when it discovered the breach?
The company says in a statement that it took aggressive measures against the attack and hardened its IT infrastructure. It says it has also investigating and has notified appropriate authorities. It doesn't detail the measures, hardening efforts or who the authorities are.
When did this happen?
"Recently" is the closest RSA comes to telling. The company notified the Securities and Exchange Commission yesterday, and is reported to have been working with government customers on the fallout for more than a week.
Sign up for CIO Asia eNewsletters.