Documents signed with BankID Sweden from WED (16 sep) to TUE (22 sep) will need to be re-generated

Resolved
Resolved

The affected users have been directly notified and then provided with the corrected documents. This concludes the final step in the recovery process.

Recovering

Due to a misconfiguration during the rollout of our new Checkout Wizard feature, a number of documents that have been generated recently are missing important information from the activity log, and will need to be re-generated.

  1. WHAT DOES THIS MEAN FOR ME?

This means that the documents that have been affected can be discarded, as new ones will automatically be re-issued for all the senders and recipients who were involved.

  1. WHAT INFORMATION WAS MISSING?

The following fields were absent (or invalid) in the activity log of the generated PDFs: • date of birth • the base64 hash coming from BankID for the signatures

  1. WHO WAS AFFECTED?

This problem affected recipients who signed with BankID Sweden, in the following proportions and intervals: • ~10% of the users who signed from WED 16 sep, 08:00 CET to MON 21 sep, 08:00 CET • 100% of the users who signed from MON 21 sep, 08:00 CET to TUE 22 sep, 18:00 CET

  1. HOW WILL THIS BE FIXED?

A fix for the original problem was already deployed by TUE 22 sep, 18:00 CET, but we still need to resolve the problem of the affected documents.

Our recovery plan is the following: • identify the afffected documents and their recipients and senders • send an email notifying all the users who were affected by the problem, letting them know we will be resending the correct signed documents • re-send the emails with the correct signed documents

  1. WHEN WILL THIS BE FIXED?

We intend to have the affected documents fixed by the end of next week (04 OCT)

We apologize for the situation and have already begun internal discussions to set up better procedures and make sure this sort of situation never repeats itself.

Began at:

Affected components
  • Signing
    • BankID Sweden