A screen capture of VeriSign's website
(WEB HOST INDUSTRY REVIEW) — Internet infrastructure services provider VeriSign was the target of multiple online attacks throughout 2010 which resulted in stolen information, according to a report by Reuters which cites the company’s quarterly regulatory filing.
The company did not include the details of the stolen information or any specifics regarding the attacks in its 10-Q report filed in October with the US Securities and Exchange Commission.
VeriSign wrote in the filing that it “faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers,” and that the “information stored on the compromised corporate systems was exfiltrated.”
The attacks are not believed to have affected the servers that run the DNS network. Though VeriSign’s information security department discovered the attacks soon after they happened during 2010, the information was not passed on to management until September 2011.
“Given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information,” the filing said. “In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future.”
It has yet to be determined whether or not the security breach affected VeriSign’s previous SSL certificate division before it sold the company to Symantec in May of 2010, but Symantec spokeswoman Nicole Kenyon told Reuters that “there is no indication that the 2010 corporate network security breach mentioned by VeriSign Inc was related to the acquired SSL product production systems.”
Reuters first discovered the VeriSign disclosure in the “Risk factors” section of the filing during an examination of more than 2,000 corporate documents that were filed since the SEC published new guidelines for reporting security breaches.
VeriSign joins a handful of other certificate authorities, including GlobalSign, DigiNotar, and Comodo, which all reported security breaches last year.
About Justin Lee
Justin Lee has been a staff analyst with theWHIR since 2004. He writes about a range of web hosting and IT-related issues facing the industry on the WHIR website, as well the print version of the WHIR magazine. Follow him on Twitter @Justin_theWHIR.
No related posts.
