SandForce announced their SF-2000 series controller way back in 2010 as an overall improvement to the SF-1200 and SF-1500 series. Part of that upgrade included better security as the controller adopted a 256-bit AES algorithm, up from the 128-bit AES encryption on previous models. The problem, however, is that the 256-bit AES encryption on the SF-2000 controller doesn’t work properly.

The result is that SF-2000 controllers are still using 128-bit encryption, although that wasn’t exactly in the plans. The Tech Report spoke with SandForce to get a better understanding of the situation. As they were told, the US government doesn’t allow products with 256-bit encryption to be sold to certain countries.

There is an internal mechanism of sorts that is supposed to switch the drive between 128-bit and 256-bit encryption but it’s not working. When probed as to what exactly was wrong, SandForce said they couldn’t say due to security reasons. They did reveal that the issue is hardware-related and can be fixed with a firmware update.

The issue was recently uncovered during a security audit with Intel taking some of the credit as part of a specification update to their 520 Series SSDs. Although SandForce didn’t specifically say when the problem came to light, the publication got the impression that it had been within a number of days rather than weeks.

Intel will be offering refunds to buyers until October 1 while Kingston will offer users an exchange program where they cover the cost of return shipping. SandForce said that manufacturers would be responsible for dealing with customer returns with regards to the issue.