April 15, 2014
SAC Federal Credit Union has conducted reviews of our systems, including conversations with key third-party vendors, and verified that our systems and our members’ data are not at risk.
What is Heartbleed?
Heartbleed is a vulnerability of certain versions of OpenSSL, a security standard encrypting communications between users and servers provided by a variety of online services. According to McAfee, “The mistake makes it viable for hackers to extract data from massive databases containing user names, passwords and other sensitive information.”
Is my information at SAC FCU vulnerable?
No, your information at SAC FCU is safe and secure. SAC FCU and its website were not affected, including SAC FCU’s online banking, the SAC Mobile Access iPhone and Android app, web-based mobile banking, and text banking.
What should I do?
This is a great time to review your online security. SAC FCU advises not to use passwords on more than one site – if you are using the same password on multiple sites, follow these steps:
- Use a site checker like McAfee’s to see if the sites you use are open to vulnerability from Heartbleed. If the site is still vulnerable, wait until the site is updated and no longer vulnerable to change your password.
- If the site isn’t vulnerable, create a strong password for each site. This guide from Mozilla.org has great advice on how to create a strong password, including steps for customizing a password for different sites that’s still easy for you to remember. Even if you don’t use the same password on multiple sites, it’s still a good practice to change passwords periodically.
An online test site I used says SAC FCU might be vulnerable to Heartbleed. Is it?
No. While a portion of SAC FCU’s online domains use OpenSSL, the versions used were not affected by Heartbleed. We have taken steps to ensure our systems and data are secure, and are continuing to take steps to limit the risks associated with Heartbleed.
What if my information was vulnerable through another site?
If you do find yourself a victim of identity theft, whether through the Heartbleed vulnerability or another attack, don’t despair. Start with our blog post “The road to recovery: What to do when your identity is stolen” and download our Essential ID Theft Checklist to get back on track.