Asseco DS / Certum: SMIME certificates with wrong organizationIdentifier

Asseco Data Systems S.A. identified two S/MIME certificates issued with incorrect OrganizationIdentifiers during a routine check on September 17, 2023. The certificates were promptly revoked, and clients were notified to submit new requests. The misissuance was attributed to a misunderstanding by the Validation Officer regarding the use of the EUID number. Additional training and a new validator are being implemented to prevent future occurrences. The issue has been resolved, and no further misissuance has been reported.

1. 2023-09-17 Validation Team discovered two incorrectly issued certificates.
2. 2023-09-18 Bug created to track the issue.
3. 2023-09-29 Detailed report on the incident submitted.
4. 2023-10-13 Confirmation received that no new misissuance has occurred.