Only hours after the individual/group claiming responsibility for the DigiNotar hack had posted on pastebin, that he/they have access to 4 more high profile CAs and had named GlobalSign to be one of those 4, GlobalSign reacted and released a statement that they have ceased to issue any SSL certificates. Also GlobalSign have asked Fox-IT for e-discovery and investigative services to verify the hacker's claim. GlobalSign, a GMO Internet Inc. company since 2006, has its roots in Belgium. Back in 2000, Vodafone had bought a 40% share of GlobalSign through their German subsidiary D2 Mannesmann. Vodafone still is one of the most important GlobalSign customers, like also Skype.
GlobalSign's quick reaction is proper and very different to DigiNotar. Also, reading in between the lines of the hacker's announcements, it looks more like he may have had access to some secondary systems and stole some customer database information. While this still would be bad, it is not at all comparable to DigiNotar, where he actually got into the CA itself.
GlobalSign knows that trust is something you only can lose once.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Subscribe to our Podcasts
How can we help you