According to SEC filings, Verisign was hacked repeatedly throughout 2010, losing "undisclosed information" throughout. The filings come as Verisign adheres to new rules requiring the disclosure of serious security breaches to investors. The filings fail to specify specifically when the breaches occurred, but claim security staff responded to the attack soon afterward but failed to alert top management until September 2011. Verisign says they "do not believe these attacks breached the servers that support our Domain Name System network." It's also unclear if the Secure Sockets Layer process, a part of Verisign's business offloaded to Symantec in the summer of 2010, was corrupted.
Update: Symantec sent us this statement:
Symantec takes the security and proper functionality of its solutions very seriously. The Trust Services (SSL), User Authentication (VIP, PKI, FDS) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing.
read comment(s)