VeriSign, an Internet infrastructure provider, has revealed that it was repeatedly hacked in 2010. The company claims that the hacks did not include servers responsible for running their DNS network.
Reuter’s reported on the 2010 hacks of VeriSign but the data that was actually obtained in the attacks is undisclosed.
“In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers,” the company wrote. “Information stored on the compromised corporate systems was exfiltrated.”
VeriSign claims that the hacks did not include the servers that run their DNS network, which is responsible for directing users to the correct websites when they type in a web address. If those servers had been compromised, the hackers could redirect people to malicious websites easily.
Apparently the VeriSign security team was aware of the attacks in 2010, very soon after they occurred. The filing with the Securities and Exchange Commission claims that management was not aware of the breaches until September 2011.
“Given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information,” the filing said. “In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future.”
Reuters claims they discovered the filing, made in October of 2011, while they were examining 2,000 documents that had been filed since the SEC published new guidelines for reporting security breaches.
Time will tell if all of this information affects VeriSign’s business moving forward.