Last month, at RSA, which produces SecurID tokens, an employee received an e-mail entitled “2011 Recruitment Plan” and clicked on its Excel attachment. This released a program that gave hackers access to the company’s network and allowed them to lift information about the tokens.