
The press and public reaction to many high-profile hacks (think Sony, or the Pentagon) is that the breaches are embarrassments at best or setbacks at worst. But hacks can have grievous real-world consequences for companies, as Dutch certificate authority DigiNotar proved this week when it filed for bankruptcy after finding itself unable to recover from the consequences of a massive hack it suffered this summer.
DigiNotar, owned by Vasco Data Security out of Illinois, was the primary provider of digital security certificates for domains owned by the Dutch government. Ironically, it was lax security on DigiNotar’s end that led to the hack, in June, that caused the company’s system to issue over 500 fraudulent digital certificates for companies such as Google and Skype. This allowed scam third-party sites in possession of the Google certificate to dupe users into thinking the fraudulent site was legitimate and, possibly, into providing personal information.
As one would imagine, the hack caused extensive damage to DigiNotar’s reputation, which proved fatal when the Dutch government pulled its business.
A third-party audit of the hack showed that DigiNotar wasn’t aware of the breach until mid-July, and that the company had lacked basic security protocols such as strong passwords, up-to-date software patches and anti-virus protection. The company also failed to go public with information about the breach until August, and only after reports of the hack were confirmed by Google. After DigiNotar refused to identify the other victims besides the search giant, and widespread criticism of how it handled the hack mounted, Google, Mozilla and Microsoft all announced they would permanently block all digital certificates issued by the company. From there, as one would expect, all trust in DigiNotar’s service integrity had vanished.
As, soon, may the company itself.




