Private key leak
If any of the private keys securing your connection to GOV.UK Verify have been compromised, you are having a security incident. In addition to following your organisation’s procedure, you must:
- replace the compromised keys immediately
- let the GOV.UK Verify team know so they can help reduce the impact of the incident and run fraud and security checks
You must stop using the compromised keys as soon as possible. The quickest way to do this is by rotating your keys and certificates using the GOV.UK Verify Manage certificates service.