On the morning of 17 October 2023, certSIGN was the target of a cyber-attack. In order to protect data and infrastructure and limit the effects of the attack, we have proactively disconnected all systems and services. Subsequently, in the first hours after the incident, we started the gradual restart of services on a new infrastructure that has been rigorously checked, is equipped with enhanced protection mechanisms, and monitored 24 hours a day.
The following services are currently operational:
- Services for issuing qualified digital certificates on token
- Video identification service for qualified certificates on token: emitere2.certsign.ro
- 100% online purchase service for qualified digital certificates on token
- Electronic signature services with digital certificates on cryptographic token
- Remote electronic signature services
- Paperless vToken application
- Certificate revocation list (CRL) for signature validation
- Online Certificate Validation Service (OCSP)
- Confirmation service for registration in the ANAF system
- Register of certificates
However, there may be some disruptions in the operation of certSIGN services in the immediate future.
The security of services for issuing, renewing, and managing qualified certificates of our customers has not been affected. The attackers never had access to the cryptographic keys stored on the cryptographic devices (token) or in the cloud (on HSM). These devices ensure the protection of the data, as the keys are under the sole control of the users. Therefore, the electronic signature creation data associated with certificates issued by certSIGN has not been compromised and the signatures can be used securely.
In the coming period, we are continuing to focus on the full restoration of all affected services and systems and are taking additional measures to ensure their security.
We are also continuing to work closely with external cybersecurity specialists to get as complete a picture as possible of the incident.