Video Screencast Help
Website Security Solutions

Verisign, Inc. breach update: Symantec not compromised.

Created: 02 Feb 2012 • Updated: 18 Dec 2012 • 3 comments
FranRosch's picture
+5 5 Votes
Login to vote

News broke recently that Verisign, Inc. reported in their quarterly SEC filings that they had been victims of a security breach in 2010. At this time, Verisign, Inc. has only confirmed that the incident did not impact their DNS business. 

Just as Verisign, Inc. stated that there was no impact to their production environment, I stand behind the following statement that Symantec made in response to media questions regarding the 2010 Verisign, Inc. security breach:

Symantec takes the security and proper functionality of its solutions very seriously.Trust Services (SSL), User Authentication (VIP, PKI, FDS), and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the Verisign, Inc. quarterly filing.

Unfortunately, many people are associating the breach at Verisign, Inc. with the brand of SSL Certificates that Symantec acquired, begging the question “Is SSL dead”? SSL, or HTTPS encryption, remains today as the most secure method to protect online data in transit. Symantec Trust Services, and Identity and Authentication solutions continue to provide unparalleled levels of security, not only in terms of our products, but in terms of how we protect the systems that protect you and your customers.

2/3/12 Update – I want to clear up some confusion about the two brands.  In 2010, Symantec acquired the security assets listed above from Verisign, not the entire Verisign organization.  Verisign Inc. is a separate public company, responsible for the SEC disclosure.

Comments 3 CommentsJump to latest comment

lseltzer's picture

I believe you that those core services were not compromised, but unless you say more about what *was* compromised people will have too much room to speculate.

-1
Login to vote
NickW's picture

"...but unless you say more about what *was* compromised..."

Did you mean "unless VeriSign Inc. says more..."? VeriSign Inc. is not a Symantec company.

+4
Login to vote
AllenKelly's picture

Here is the Verisign, Inc. statement on the 2010 security breach vrsn.cc/AwJBFb

Verisign, Inc.,www.verisigninc.com, is NOT the security business that Symantec acquired in 2010.

+1
Login to vote