Three major European Qualified Trust Service Providers (QTSPs) have faced cyberattacks in recent weeks, underscoring the critical importance of robust security measures in digital identity services.
QTSPs have been under attack
InfoCert attack
On December 27, 2024, InfoCert, Italy’s largest QTSP, discovered unauthorized access to customer data through a third-party vendor. While the company’s core systems remained secure, personal data was exposed through this supply chain vulnerability.
EuroCert Poland ransomware
Just two weeks later, on January 12, 2025, Euro Cert Poland fell victim to a ransomware attack during the night hours. According to their official statement, the attack encrypted files on their servers and potentially exposed extensive personal data, including:
- Identification data
- Contact details and email addresses
- Social security (PESEL) numbers
- ID card numbers and dates of birth
- Usernames and passwords
- Personal images
While the company confirmed that issued certificates and cryptographic keys remained secure, the breach required all users to reset their passwords.
D-Trust healthcare impact
The following day, January 13, 2025, D-Trust GmbH reported a breach of their application portal for signature and seal cards. Their press release revealed that the attack particularly affected healthcare professionals who rely on these services for:
- Electronic health professional cards (eHBA)
- Access to telematics infrastructure
- E-prescription signing capabilities
- Electronic patient file management
The compromised data included applicants’ names, email addresses, birth dates, addresses, and ID document numbers. While the issued cards remained secure, the breach highlighted the vulnerable intersection of digital identity and healthcare services.
Why QTSP security matters
These incidents highlight why becoming a QTSP involves such rigorous certification requirements. QTSPs are custodians of vast amounts of sensitive personal and business data, making them prime targets for cybercriminals. The responsibility of protecting this data demands the highest level of security measures.
This is why security-by-design approaches, built on Zero Trust architecture principles, are crucial. Solutions that offer sole control guarantees and have been validated through stringent testing provide the level of protection needed for these critical services.
How Ubiqu secures digital identity
Ubiqu’s EUDI Wallet software enables organizations to provide their users with secure digital identity services with persistent identification on a persistent Level of Assuranse High. Our solution allows organizations to:
- Issue, verify and manage digital identities
- Enable secure authentication and signing
- Ensure users maintain sole control of their credentials
- Scale their services while maintaining security
The security of our solution is built on multiple layers:
- Zero Trust architecture-based QTSP platform
- Remote Secure Element (RSE) technology that eliminates hardware dependencies while maintaining security
- Guaranteed sole control, ensuring users maintain exclusive control over their digital identity
- Recognition on the Article 30 QSCD list – one of only 30 providers globally recognized for having the highest security standards for both signing and authentication
Our technology has been pre-approved to meet strict QTSP requirements, making it easier for organizations to achieve certification while maintaining the highest security standards. Being on the Article 30 QSCD list for both signing and authentication capabilities validates our solution’s exceptional security standards – essential for secure wallet implementations.
Looking ahead
The recent attacks on QTSPs illustrate why security cannot be an afterthought in digital identity solutions. As the EUDI wallet becomes the new standard for digital identity in Europe, organizations need technology that’s secure by design and ensures sole control for users.
This is particularly crucial as we move towards 2026, when new eIDAS requirements will take effect. Organizations looking to become QTSPs need solutions that not only meet today’s security challenges but are prepared for tomorrow’s threats. With our focus on Zero Trust architecture and sole control guarantee, Ubiqu offers organizations a secure foundation for their digital identity services, helping them protect their users’ data while meeting the stringent requirements for QTSP certification.
