DigiNotar Files for Bankruptcy Following Security Lapse

Tuesday, September 20, 2011



VASCO Data Security International has  announced that subsidiary DigiNotar, an issuer of digital certificates, has filed a voluntary bankruptcy petition following a serious  breach of security.

A little more than two weeks ago, a falsely issued Google SSL certificate was discovered by an Iranian freelance web developer, which lead to an investigation of the DigiNotar's system security.

DigiNotar may have issued more than 500 rogue digital certificates after being compromised by criminal hackers largely believed to be based in Iran.

Last week The Board of the Independent Post and Telecommunications Authority, a Dutch regulatory agency, barred DigiNotar from issuing new digital certificates. As of Monday, a Dutch Court appointed a bankruptcy trustee has now taken over the management of all of DigiNotar’s business activities.

Representatives of VASCO issued the following statements:

“Although we are saddened by this action and the circumstances that necessitated it,” said T. Kendall Hunt, VASCO’s Chairman and CEO.

"We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business. In addition, we plan to cooperate with the Trustee and the Judge to the fullest extent reasonably practicable to bring the affairs of DigiNotar to an appropriate conclusion for its employees and customers.  We also plan to cooperate with the Dutch government in its investigation of the person or persons responsible for the attack on DigiNotar. ”

“We want to emphasize that the bankruptcy filing by DigiNotar, which was primarily a certificate authority, does not involve VASCO’s core two-factor authentication business,” said Jan Valcke, VASCO’s President and COO. 

“While we do not plan to re-enter the certificate authority business in the near future, we expect that we will be able to integrate the PKI/identity verification technology acquired from DigiNotar into our core authentication platform.  As a result, we expect to be able to offer a stronger authentication product line in the coming year to our traditional customers.”

“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible,“ said Cliff Bown, VASCO’s Executive Vice President and CFO. 

“We expect to report the results of the DigiNotar operations, the losses related to the impairment of intangible assets specifically associated with DigiNotar and the estimated costs associated with the closure of DigiNotar either as a discontinued operation in our future financial statements or we will provide proforma information to identify the impact of DigiNotar on our consolidated results.  While the losses associated with DigiNotar are expected to be significant, we do not expect, given the manner in which the acquisition of DigiNotar was structured, that the value of all of the intangible assets acquired will be fully impaired.  We expect that a significant portion of the value assigned to the intellectual property acquired from DigiNotar to continue to have value as we incorporate the technology into our existing product line.”

Source:  http://www.vasco.com/company/press_room/news_archive/2011/news_vasco_announces_bankruptcy_filing_by_diginotar_bv.aspx

Possibly Related Articles:
SSL Regulation Digital Certificates Headlines hackers breach Netherlands DigiNotar Bankruptcy
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.