It is worth noting exactly what happened, because it shows why current user security models are flawed, and why I recommend adopting the new, comprehensive models now emerging, which will enable the next generation of protection in an increasingly sophisticated world of cyber attacks on companies and individuals. While not all the details are public (RSA rightly wants to keep some of the lower-level details private to prevent copycat attacks), enough have surfaced that companies can learn from them and hopefully prevent similar attacks.
So, what happened? In a nutshell, a phishing e-mail entitled "2011 Recruitment Plan" was sent to some lower-level personnel. It carried an Excel spreadsheet containing a Flash file that exploited a zero-day vulnerability. One or more of the recipients opened the file, believing it to be legitimate. The exploit then harvested the user ID and password and used them to establish a connection to the SecurID server. There it gathered a number of data files and transferred them to a compromised staging server at a hosting provider. From there, the data was transferred to a remote server.
What is important to note is that RSA was able to catch this breach in progress and halt it in near real time (although it was not able to prevent at least some sensitive information from escaping). This extraordinary defense was possible because RSA was not only checking log-in authorization and credentials, but was also monitoring and analyzing all traffic exiting its network. As a result, RSA could determine that this connection was making unauthorized use of sensitive data, and could rapidly cut off access.