On the morning of October 17, 2023, certSIGN was the target of a cyber attack. To protect data and infrastructure and limit the effects of the attack, the company proactively disconnected systems and services. Subsequently, in the first hours after the incident, the company started gradually resuming the services, on a new infrastructure that has been subjected to rigorous verification and is equipped with increased protection mechanisms, being monitored 24/7.
Although the certME servers were not affected by this attack, the damage to the certSIGN infrastructure and the disconnection of the communication services led to the unavailability of the certME service.
The certME service is currently operational. More details on the resumption of certSIGN's other services can be found here: certSIGN safely resumes operation of main services
However, there may be disruptions in the operation of the certSIGN services, including the certME service, in the immediate future.
The security of the certME service was not affected. The attackers had no access to the certME infrastructure at any time, and your personal data and cryptographic keys are stored encrypted on your devices, are only accessible by you with strong biometric authentication, and are not stored in any way on the certME infrastructure. Therefore, certME electronic identification means (“certME digital identities”) have not been compromised and can continue to be used safely.
In the coming period, we continue to focus on the full restoration of all affected services and systems and are taking additional measures to increase their security.
