Update - 9 March 2022
We’re providing this update to inform our stakeholders regarding the Information Security Incident from 8 February 2022
We previously disclosed that on 8 February 2022, the FSC Public Search database displayed invalid information and that “valid” certificates appeared to be “terminated”, and that AAF Class was displayed on some pages. Our investigation has concluded that due to an operator error, the FSC Public Search database became corrupt and displayed invalid data.
Based on our investigation, the database corruption was contained and there was no loss of data. The incident did not involve malicious access to FSC’s IT systems and infrastructure, and it did not involve personal information or corruption of FSC master data management systems. Specifically, the data displayed in the FSC Public Search query result pages was not affected, and only the certificate detail pages displayed incorrect information for a period of several hours. The reason for this behavior during the incident is that caching of search indexes had not been affected for the limited time that the database information was corrupt.
FSC has modified IT processes to ensure that operator errors and mistakes will not happen in the future, and the FSC Public Search will not be back online in its previous form. We are developing a completely new online FSC Public Search platform, and we’ll announce general availability of the new platform later in 2022. In the meantime, FSC’s Certificates Public Dashboard is available to search for and view certification and license information.
Again, we regret any inconvenience this incident may have caused, and we have taken all possible actions to ensure that this will not happen again.
Michael Marus
CIO and Director of IT, FSC International
Information Security Incident from 8 February 2022
On the evening of 8 February 2022, FSC International received reports that the FSC Public Search was not displaying valid certificate-related information, specifically that “valid” certificates were listed as “terminated”. We also received reports that AAF Class was being displayed on some pages.
We swiftly took the FSC Public Search function offline as a precaution, and we immediately began an investigation into the reports. While we investigate, and to support finding current certificate information, a temporary replacement – FSC Certificates Public Dashboard – is available.
At this time, we have no indications that there was a large-scale breach or that highly confidential data was exposed; however, we are treating this as a high-priority Information Security incident, and our team with IT and security providers are actively working to determine the cause and exact nature of the incident.
FSC takes information security very seriously, and in the last few years, we have made important enhancements and improvements to retire obsolete technologies and to institute modern, compliant, and secure IT platforms. Our investigation may take days or weeks to complete, and the temporary replacement – FSC Certificates Public Dashboard – will be available until further notice.
We regret any inconvenience this incident may have caused, and we are taking all possible actions to ensure that this will not happen again.
Michael Marus
CIO and Director of IT, FSC International