The Heartbleed Bug

The Heartbleed BugWhat is the Heartbleed Bug?

Heartbleed is a flaw in the programming on secure websites that could put your personal information at risk, including passwords, credit card information and e-mails. The Heartbleed Bug is a defect in encryption technology – called Open SSL – used by most Web servers to secure users’ personal or financial information. It is behind many “https” sites that collect personal or financial information. Basically, it provides a secure connection when you are conducting a transaction or sending an e-mail online. Experts discovered the bug recently and warned that cybercriminals could exploit it to access visitors' personal data or to impersonate a website and collect even more information.

Am I affected?

Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But it is unknown whether any criminals have actually exploited the bug, and several major sites, like Amazon, have already installed patches. Most sites with an address beginning with “https” are vulnerable until the website operator fixes the bug and users change their passwords.

Is my bank account safe?

Yes, consumers are protected from unauthorized transactions. Let the bank know immediately if you suspect any unusual activity.  Banks use many different systems to protect customers’ information including rigorous security standards, encryption, and fraud detection software.

What can I do?

As always, it is a good idea to update your bank password every few months. Also, monitor your account regularly and report suspicious transactions to the bank immediately. Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you.

What are banks doing?

Banks are researching the possible impact of the Heartbleed Bug and are taking appropriate actions to ensure that it has no impact on their customers. Most Internet banking applications are not impacted by this bug. Most financial institutions have a special layer of security that prevents this type of exploit and some don’t use Open SSL at all.

What is Mission Valley Bank doing?

Since the announcement of the existence of the Heartbleed Bug on April 7, 2014 – Mission Valley Bank has been in close contact with our security experts and service providers, confirming that there are no vulnerabilities within our systems, or those of our vendors.  With that said – regardless of the safety of your communications and transactions with Mission Valley Bank, the Heartbleed Bug is a real threat to all of us that use the internet for anything from Facebook to shopping.

Security experts across the board are strongly advising that you change ALL of your passwords – particularly on those sites where you might have exchanged personal information, credit card numbers, or other sensitive data.  However, prior to changing your current passwords, verify that the site has already installed the necessary patches, or was not considered vulnerable to Heartbleed.  While changing your passwords does not guarantee that your information has not already been compromised, it is a simple step that improves your odds going forward (and as stated earlier, it is a sensible thing to do every few months to decrease your vulnerability to bugs and scammers).

If you would like more information about “Heartbleed” go to http://heartbleed.com/.

IMPORTANT: If you are a customer of Mission Valley Bank and have already responded to a suspicious e-mail, and provided any personal or sensitive information, please contact us immediately at (818) 394-2300.