It was discovered this month that Verisign had been repeatedly hacked by outsiders in 2010. Verisign operates a diverse array of network infrastructure responsible for web addresses ending in .com, .net, .gov and others. Verisign executives "do not believe these attacks breached the servers that support [the] Domain Name System network," but the company is being criticized for its lack of transparency about the attacks.
Verisign issued a brief statement about the 2010 security breach, noting that parts of their "non-production corporate network" were penetrated, re-iterating various security precautions in place. The statement was made only after the attack was disclosed in a quarterly US Securities and Exchange Commission filing in October 2011.
A breach of information by Verisign could range from extremely dangerous to just plain troubling. However, even if the intrusion did not breach DNS information, customer information or proprietary information, the breach does affect our trust in Verisign. As noted on The New School of Information Security, how can we trust that Verisign's analysis of the breach was "thorough" enough, without knowing the details?
Aside from how this impacts Verisign, we should all take note of the importance of disclosure in maintaining consumer trust.