ServerTastic Blog

Updates from the world of ServerTastic

GlobalSign SSL Security Incident Report

GlobalSign have issued a statement regarding the alleged compromise reported in September.

In summary:

They did not find any evidence of:

  • Rogue Certificates issued.
  • Customer data exposed.
  • Compromised GlobalSign Root Certificate keys and associated Hardware Security Modules (HSM).
  • Compromised GlobalSign Certificate Authority (CA) infrastructure.
  • Compromised GlobalSign Issuing Authorities and associated HSMs.
  • Compromised GlobalSign Registration Authority (RA) services.

What did happen:

  • A peripheral web server, not part of the Certificate issuance infrastructure, hosting a public-facing web property was breached.
  • What could have been exposed? Publicly available HTML pages, publicly available PDFs, and the SSL Certificate and key issued to www.globalsign.com.
  • The SSL Certificate and key for www.globalsign.com were deemed compromised and revoked.

The full report is available here.