Get Started

Newsroom Resources

DigiNotar reports security incident

News Releases
August 30, 2011

OAKBROOK TERRACE, Illinois and ZURICH, Switzerland – August 30, 2011 – VASCO Data Security International, Inc. (Nasdaq: VDSI; www.vasco.com) today comments on DigiNotar’s reported security incident. DigiNotar is a wholly owned subsidiary of VASCO.

On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.
Once it detected the intrusion, DigiNotar has acted in accordance with all relevant rules and procedures.
At that time, an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate.

The attack was targeted solely at DigiNotar's Certificate Authority infrastructure for issuing SSL and EVSSL certificates. No other certificate types were issued or compromised. DigiNotar stresses the fact that the vast majority of its business, including his Dutch government business (PKIOverheid) was completely unaffected by the attack.

The company will take every possible precaution to secure its SSL and EVSSL certificate offering, including temporarily suspending the sale of its SSL and EVSSL certificate offerings. The company will only restart its SSL and EVSSL certificate activities after thorough additional security audits by third party organizations.

DigiNotar actively looks for quick and effective solutions for its existing (EV)SSL customers. The company expects to have a solution for its entire customer base before the end of this business week. DigiNotar expects that the cost of this action will be minimal.

The incident at DigiNotar has no consequences whatsoever for VASCO's core authentication technology. The technological infrastructures of VASCO and DigiNotar are completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.

VASCO expects the impact of the breach of DigiNotar’s SSL and EVSSL business to be minimal. Through the first six months of 2011, revenue from the SSL and EVSSL business was less than Euro 100,000.
VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans.

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet security applications and transactions. VASCO has positioned itself as a global software company for Internet security serving a customer base of approximately 10,000 companies in more than 100 countries, including approximately 1,700 international financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

Forward Looking Statements:
Statements made in this news release that relate to future plans, events or performances are forward-looking statements. These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective” and “goal”, “possible”, “potential”, and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. These risks, uncertainties and other factors have been described in greater detail in the Annual Report on Form 10-K for the fiscal year ended December 31, 2009 filed with the Securities and Exchange Commission and include, but are not limited to, (a) risks of general market conditions, including currency fluctuations and the uncertainties in world economic and financial markets, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers. Reference is made to VASCO's public filings with the U.S. Securities and Exchange Commission for further information regarding VASCO and its operations.

This document may contain trademarks of VASCO Data Security International, Inc. and its subsidiaries, including VASCO, the VASCO “V” design, DIGIPASS, VACMAN, aXsGUARD and IDENTIKEY.
For more information contact: Jochem Binst, +32 2 609 97 00, [email protected]
Follow us on Twitter: http://twitter.com/VASCODataNews