OpenSSL Heartbleed Bug
April 14, 2014
On April 7, 2014, security researchers disclosed a flaw in certain versions of OpenSSL software that is used by some websites to encrypt communication between a web browser and a server. This flaw has been named the Heartbleed bug and has been widely publicized.
In response to this vulnerability, we have taken the following actions:
- Verified that all webservers used by Herring Bank are not susceptible to this bug. Our servers do NOT use the versions of OpenSSL that are vulnerable to Heartbleed.
- Verified with vendors providing services to Herring Bank and our customers that they have no indication that Heartbleed has been used against their systems and that they have taken steps to ensure that they are not vulnerable to this exploit.
Security experts recommend the following actions to all internet users:
- Contact online services that you use and verify that they are either not affected by Heartbleed or that they have taken steps to address the vulnerability.
- Change all of your passwords for those online services. When changing your password choose secure passwords and use different passwords for each website.
- Monitor your accounts for suspicious activity
If you have any questions please contact the Customer Contact Center at 866-348-3435.
We take the security of your account very seriously and have deployed several different strategies to protect your account. Herring Bank will never call and ask you for any account information. If you receive a call asking for details about your account do not provide any information. Hang-up and call us at 866-348-3435 and speak to a representative.