April 18, 2014
'Heartbleed' not just a website issue
April 21, 2014 – The "Heartbleed" issue may be affecting other parts of financial institutions' infrastructure, including servers not serving websites, mobile apps and mobile devices, according to reports.
American Banker reported that both Cisco and Juniper acknowledged that some of their network equipment uses versions of the questionable OpenSSL software. Also, mobile banking apps can be vulnerable to Heartbleed issues. Even if the apps don't use the software, the article said, they may still cycle through servers that do.
Recently, the Federal Financial Institutions Examination Council released an alert urging credit unions and banks to take steps now to mitigate the "Heartbleed" issue, which the regulators termed a "material security vulnerability" affecting Web servers using OpenSSL. The council of regulators, which includes NCUA, urged institutions to ensure third-party vendors using OpenSSL on their systems are aware of the vulnerability and take appropriate mitigation steps. It also recommended upgrades to internal systems and services that may be vulnerable.
NAFCU is continuing to monitor this issue and its impact on member credit unions. As concerns grow unabated about cyber threats and data security, the association is also continuing to press for legislation that would require merchants to adopt data security standards similar to those required of financial institutions under the Gramm-Leach-Bliley Act.