RSA issued a press release, offering to replace all tokens if a customer asks for it. As an alternative, RSA also offers to implement additional authentication monitoring.

Aside from the press release, and an interview with the RSA CEO, there have not been any details about how this would work or how long it will take. However, RSA states that this will cover all customers, even if RSA considers them not at risk.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter