DigiNotar

On 3 September 2011, after it had become clear that a security breach had resulted in the fraudulent issuing of certificates, the Dutch government took over operational management of DigiNotar's systems.

[10] The scale of the incident was used by some organizations, such as ENISA and AccessNow.org, to call for a deeper reform of HTTPS in order to remove the weakest-link possibility that a single compromised CA can affect that many users.

Examples were the authentication infrastructure DigiD and the central car-registration organisation Netherlands Vehicle Authority (RDW).

"[21] On 20 September 2011 Vasco announced that its subsidiary DigiNotar was declared bankrupt after filing for voluntary bankruptcy at the Haarlem court.

Effective immediately, the court appointed a receiver, a court-appointed trustee who takes over the management of all of DigiNotar's affairs as it proceeds through the bankruptcy process to liquidation.

[4][22] The curator (court-appointed receiver) didn't want the report from ITSec to be published, as it might lead to additional claims against DigiNotar.

[citation needed] The report covered the way the company operated and details of the hack of 2011 that led to its bankruptcy.

In a freedom of information (Wet openbaarheid van bestuur) procedure started by a journalist, the receiver tried to convince the court not to allow publication of this report, and to confirm the OPTA's initial refusal to do so.

This certificate was subsequently used by unknown persons in Iran to conduct a man-in-the-middle attack against Google services.

[27] According to a subsequent news release by VASCO, DigiNotar had detected an intrusion into its certificate authority infrastructure on 19 July 2011.

[44] GOVCERT.NL, the Dutch computer emergency response team, initially did not believe the PKIoverheid certificates had been compromised,[45] although security specialists were uncertain.

[30][46] Because these certificates were initially thought not to be compromised by the security breach, they were, at the request of the Dutch authorities, kept exempt from the removal of trust[43][47] – although one of the two, the active "Staat der Nederlanden - G2" root certificate, was overlooked by the Mozilla engineers and accidentally distrusted in the Firefox build.

[48] However, this assessment was rescinded after an audit by the Dutch government, and the DigiNotar-controlled intermediates in the "Staat der Nederlanden" hierarchy were also blacklisted by Mozilla in the next security update, as well as by other browser manufacturers.

uses a certificate issued by Getronics PinkRoccade Nederland B.V.[53] According to the Dutch government, DigiNotar gave them its full co-operation with these procedures.