The week-old CTL update only revoked a part of the DigiNotar certificates. As of Tuesday it also includes certificates from the "PKIoverheid" root used by the Dutch government and certain companies. The Dutch government requested a delay for the update because it wants to give organizations and businesses the chance to replace the certificates. The Dutch government banned DigiNotar themselves in a very rare nightly press conference Friday night local time. Administrators that want to patch their systems can do this themselves by following instructions issued by Microsoft.

The DigiNotar hack was claimed by "Comodohacker" in a posting Monday on Pastebin. Comodohacker claimed to breach DigiNotar to punish the Dutch government for the actions of its soldiers in Srebrenica, where 8,000 Muslims were killed by Serbian forces in 1995 during the Bosnian War.

More than 500 fraudulent SSL certificates were issued by DigiNotar after its systems were breached. A report released on Monday by DigiNotar's auditor, Fox-IT, found that more than 300,000 mostly Iranian unique IP addresses may have accessed Google account information under the fraudulent certificate, meaning the data exchanged with Google could have been intercepted.