Verisign admits it was victim of hacking

Verisign, the firm that manages the .com domain, has admitted it was the victim of several cyber attacks in 2010.

Verisign gave notice of the breaches to the US Securities and Exchange Commission (SEC) in September.

In the notice, the firm said management were not informed of the attacks until September 2011.

"The occurrences of the attacks were not sufficiently reported to the company's management at the time they occurred for the purpose of assessing any disclosure requirements," it said.

Verisign also said it doesn't know what data was accessed by hackers, but stated it does not believe the servers supporting the domain name system (DNS) were breached. 

"We have investigated and do not believe these attacks breached the servers that support our domain name system network," the submission stated.

This is the system that maps IP addresses to the text addresses internet users employ to find and recognise websites.

Verisign made the report in order to conform to SEC data breach disclosure rules.

The firm said it experienced "security breaches in the corporate network in 2010, which were not sufficiently reported to management".

It added that hackers obtained access to information on a small portion of the firm's computers and servers, and that there is evidence data left the company in this breach.

According to the SEC filing, Verisign's security team took defensive measures to prevent further attacks shortly after they occurred.

"The company's information security group was aware of the attacks shortly after the time of their occurrence, and the group implemented remedial measures designed to mitigate the attacks and detect and thwart similar additional attacks."

The firm also warned that future attacks are still possible, despite these counter-measures.

"We cannot assure our remedial actions will be sufficient to thwart future attacks or prevent the loss of information."