VeriSign Hacking: Not Just Your Garden-Variety Network Breach

The company responsible for the integrity of Web addresses ending in .com, .net and .gov was hacked repeatedly in 2010.
Published: February 1, 2012

If this doesn’t prompt IT professionals to take a good look at their network security policies and practices, I’m not sure what will.

Reuters is reporting that VeriSign Inc., the company responsible for the integrity of Web addresses ending in .com, .net and .gov, was hacked repeatedly in 2010. Although VeriSign reps say the attacks probably didn’t breach their servers, they didn’t rule anything out either.

The breach was discovered in 2010 but was not disclosed to the SEC until October. The public, however, was just put on notice this Thursday by Reuters.

Specifically, VeriSign is saying:

“In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System (“DNS”) network. Information stored on the compromised corporate systems was exfiltrated. The Company’s information security group was aware of the attacks shortly after the time of their occurrence and the group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks. However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information. In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future.

“The occurrences of the attacks were not sufficiently reported to the Company’s management at the time they occurred for the purpose of assessing any disclosure requirements. Management was informed of the incident in September 2011 and, following the review, the Company’s management concluded that our disclosure controls and procedures are effective. However, the Company has implemented reporting line and escalation organization changes, procedures and processes to strengthen the Company’s disclosure controls and procedures in this area.”

Experts interviewed by Reuters and Computerworld are saying that the lack of information provided by VeriSign could indicate these attacks were very serious and may continue to be a threat.

We’ll see how this story develops.
