WASHINGTON – VeriSign, the internet services company responsible for sending web users to the right place when they type in a particluar .com address, has admitted it fell prey to numerous data breaches in 2010.
Top-level managers were not notified about the hacks until a year later, the company disclosed.
In a quarterly report, known as a 10-Q, filed with the Securities and Exchange Commission (SEC) in October, VeriSign said that in 2010, it "faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers."
The company did not detail exactly when the attacks took place or what type of data may have been lost or compromised.
VeriSign added in the filing it was unaware of any incidents in which information extracted in the hacks was used. But the Reston, Va.-based company admitted that "given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information."
VeriSign -- which is the primary operator for web addresses ending in .com and .net -- said it does "not believe these attacks breached the servers that support our Domain Name System ('DNS') network."
A successful attack on the company's DNS, which converts requested URLs into the correct IP address and processes as many as 50 billion queries per day, could have allowed hackers to intercept users' emails or direct them to malware-laden web pages.
The filing dated Oct. 28 last year claims that VeriSign's internal security group responded to the attacks soon after they occurred, but top management was not alerted about the breaches until Sept. 2011.
The VeriSign revelations come amid heightened concern over hacks after a handful of high-profile, trusted companies admitted breaches in recent years.
Google, for example, disclosed that hackers traced to China had stolen some of its intellectual property in early 2010, and EMC Corp.'s RSA security unit outlined last year how a hacker had broken into its systems and stolen information related to the security tools it sells.