Toby Sterling of Associated Press reports on a breach that does not directly involve personally identifiable information, but has great potential to do so:
The Dutch government said Saturday it cannot guarantee the security of its own websites, days after the private company it uses to authenticate them admitted it was hacked. An official also said the government was taking over the company’s operations.
The announcement affects millions of people who use the Netherlands’ government’s online services and rely on the authenticator, DigiNotar, to confirm they are visiting the correct sites. To date, however there have been no reports of anyone’s identity being stolen or security otherwise breached.
Officials stopped short of telling people not to use government websites but said they should heed warnings posted on the sites or from their browsers. Already, Google and other major Web browser providers have begun rejecting security certificates issued by DigiNotar.
[…]
Earlier in the week, DigiNotar acknowledged it had been hacked in July, though it didn’t disclose it at the time. It insisted as late as Tuesday that its certificates for government sites had not been compromised.
But Donner said a review by an external security company had found DigiNotar’s government certificates were in fact compromised, and the government is now taking control of the company’s operations.
Read more on ABC,
In related coverage, a report from Radio Netherlands indicates that DigiNotar was aware of the problem since June 19 but did not report it at the time.
DigiNotar is a subsidiary of VASCO Data Security International, Inc., who issued a press release inviting the Dutch government to send representatives to work with the firm to jointly address and remedy the problem.