VeriSign was hit by hackers in 2010 and its computers and servers were accessed several times, but the breach was not properly reported until late last year.
"In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers," VeriSign said. "We have investigated and do not believe these attacks breached the servers that support our Domain Name System ('DNS') network."
Information was stolen, though VeriSign did not provide details on what went missing.
But while the hacks occurred in 2010, VeriSign's information security group did not tell management about the attacks until September 2011. VeriSign said it has since changed its reporting policies to make sure the same thing doesn't happen again.
"The group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks. However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information," VeriSign said in its filing. "In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future."
VeriSign did not immediately respond to a request for additional comment.
In a blog post, security firm Sophos said it hopes the DNS network is indeed secure. "If the DNS network were breached it would potentially be bad news for many of the world's websites - allowing cybercriminals to redirect users attempting to visit popular sites, and potentially infect surfers with malware and intercept communications," analyst Graham Cluley wrote.
"Inevitably there will be speculation that the attack could have been sponsored by a foreign state - but with the level of information shared so far it's simply impossible to say," Cluley concluded.