Any news as to the remedy?
Found anyone who is willing to say, off the record, that RSA has either provided them with new SecurID tokens, or told them that would fix the problem?
If the tokens were replaced, that would seem to indicate either the seeds were stolen or there's an implementation weakness. If it's a software update on the server side, a patch to the underlying Oracle database, etc., that's still a problem, but a very different one.
My money is on new tokens.