Exhibit 99.3
Statement to DigiNotar’s partners, customers and the people of Iran
What happened?
Recently, we informed you that DigiNotar became the victim of an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificates.
The source of the requested validations of these certificates strongly indicates that these certificates are used to obtain confidential information of people in Iran. We believe that the hacking action was politically inspired.
What are we doing?
DigiNotar is working with browser vendors, security experts and the Dutch government in order to prevent further intrusions and to minimize impact for browser users. The CA systems have been taken offline, certificates have been blocked by browsers and revoked, and OCSP validations are being now done based on a white list principal.
The security firm FOX-IT has been invited to research the incident to re-assure trust in the CA activities being vital for a number of Dutch government organizations. We will do anything to reinstate the trust in DigiNotar and to migrate all our customers to a new, highly secure infrastructure.
What can you do?
Our advice to consumers is to follow common security practices including updating your browser, validating certificates. It is important for end user to take any online security warning seriously.
We strongly advise the people of Iran to follow these instructions in order to activate the blacklisted certificates and recent security warnings that are implemented. It is possible that the results of the hack are used for internal Iranian politic activities in order to thwart the local democratic movements.
DigiNotar will fully cooperate with all companies involved in order to address and remedy your individual situation. Please contact us at your earliest convenience to discuss an optimal approach to your specific requirements.