DigiNotar Goes Bankrupt After Hack

twoheadedboy writes "DigiNotar, the Dutch certificate authority which was recently at the centre of a significant hacking case, has been declared bankrupt. The CA discovered it was compromised on 19 July, leading to 531 rogue certificates being issued. It was only in August that the attacks became public knowledge. Now the company has gone bankrupt, parent firm VASCO said today. VASCO admitted the financial losses associated with the demise of DigiNotar would be 'significant.' It all goes to show how quickly a data breach can bring down a company." Adds reader Orome1: "This is unsurprising, since a report issued by security audit firm Fox-IT, who has been hired to investigate the now notorious DigiNotar breach, revealed that things were far worse than we were led to believe."

Bankrupt?

[Anonymous Coward]

How do you go bankrupt before any charges have been laid, fines levied, etc.? Sounds like the parent company ditching them before they can be held liable.

Re:Comodo

[Spad]

Mostly because they caught the intrusion (which was at a 3rd party rather than directly part of Comodo) and reported it immediately as well as putting in place measures to try and prevent it from happening again.

DigiNotar didn't notice that they'd been hacked for months and didn't tell anyone for months more and even then they didn't know how badly they'd been hacked or exactly which certs may have been issued to whom.

teach 'em a lesson

[burris]

Lesson learned: if you are a CA, under no circumstances should you allow any breaches to become public.

Re:Comodo

[heypete]

That, and Comodo's core infrastructure (e.g. the stuff that actually does the signing) wasn't compromised.

The attacker used the compromised third party to issue certificates through the normal channels made available by Comodo to resellers, so it was possible to determine exactly what certificates were issued erroneously.

At least that was my understanding of what happened, based on information I read several months ago.