Oh, that's ok then. Nothing to worry about. Absolutely no risk to the public here and definitely not worth discussing.
Sent with [Proton Mail](https://proton.me/) secure email. ------- Original Message ------- On Monday, August 22nd, 2022 at 16:28, Ben Wilson <[email protected]> wrote: > Actually, Entrust reached out about a month ago with this message to me: > > On June 18, 2022, we determined that an unauthorized party accessed certain > of our systems used for internal operations – functions such as HR, finance, > and marketing. We promptly began an investigation with the assistance of a > leading third-party cybersecurity firm and have informed law enforcement. > > While our investigation is ongoing, we have found no indication to date that > the issue has affected the operation or security of our products and > services, which are run in separate environments from our internal systems > and are fully operational. Regarding our Public Certification Authority - all > roots are offline and require multiple security cleared people be physically > present in a secure room to access. > > We take seriously our responsibility to protect our systems and have been > engaged with our customers on the issue. > > As stated, there was no impact to our roots as the roots are offline and can > only be accessed if two people are physically present in a secure room. Also, > our PKI system is on a separated infrastructure, so was not accessed. > > Since there has been no impact to our PKI and certificate issuance systems, > which use roots distributed by your application, we did not raise an incident. > > Ben > > On Mon, Aug 22, 2022 at 9:26 AM 'LB' via [email protected] > <[email protected]> wrote: > >> Given news that Entrust were subject to a ransomware attack, which until now >> they have not confirmed or given any details on in public - what point do we >> need to assume the CAs and CA operations are compromized? >> >> Should action be taken by Mozilla to eliminate risk and remove trust in root >> authority? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> [https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/zEcsmYjEJdXUd-H8gWEsBaGnIx44oLKyjOHxvd7edfkpHSc58eRxXoWH7sfZot5hWqBNaPe-7topJps-0YQQedb1UvuUwvBe4T43dNoSALE%3D%40proton.me](https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/zEcsmYjEJdXUd-H8gWEsBaGnIx44oLKyjOHxvd7edfkpHSc58eRxXoWH7sfZot5hWqBNaPe-7topJps-0YQQedb1UvuUwvBe4T43dNoSALE%3D%40proton.me?utm_medium=email&utm_source=footer). -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/UCmmghDtn7Z3ZkU7Rzq5327GdyuKNLLZD7eImTwzhqTWVK25P4KeQDpUXsfiUywfHHxLnwYfxvqc_IdvB8l4Cm_FIlDIFKsNj6wolUjpiew%3D%40proton.me.
