Josh Holst

Apr 17 2014

Heartbleed Bug Vulnerability


Heartbleed Bug Vulnerability

You may have heard recent news reports about the “Heartbleed” bug vulnerability which is a programming flaw in Open SSL encrypted websites used to secure private information online. This flaw potentially allows fraudsters to access usernames and passwords which may be contained in the memory of a device used to connect to the Internet. This flaw was limited to specific versions of SSL certificates.

What has Hills Bank done to protect my information from the “Heartbleed” bug vulnerability?

We take our customers’ security very seriously and have monitored the vulnerability closely. We’ve taken the necessary steps internally as well as with our vendors to ensure our encrypted websites are not vulnerable to the “Heartbleed” flaw.

Hills Bank works to maintain the highest level of security for our customers with rigorous security standards and fraud detection.

Is Hills Bank OnlineTM affected by the “Heartbleed” bug vulnerability?

No. Hills Bank Online (online banking), Hills Bank Online Investments Login (Trust and Wealth Management Login and the 401(k) Login), Hills Bank mobile banking, and HillsBank.com are not affected by “Heartbleed.”

What do I need to do to protect my information?

Vulnerabilities like “Heartbleed” are a reminder that it’s a good practice to change all your passwords regularly using a combination of letters, numbers, and characters.

Unfortunately, when vulnerabilities like this arise, it creates opportunities for fraud. Knowing people are concerned about “Heartbleed,” fraudsters may launch phishing scams disguised as legitimate claims to reset your passwords. Use appropriate caution if you receive an email from a company asking you to update your information instead of going to a website and manually changing your passwords.

Hills Bank would like to remind you that we will never ask for personal account information by email, text, or phone. Do not respond to unsolicited requests for personal and financial account information via email, text, or phone. If you receive a request for personal information which appears to be from Hills Bank, please contact Hills Bank at 1-800-445-5725(HILLSBK) or visit any Hills Bank location to verify the validity of the request. Also, it’s recommended that you never include confidential information in any unsecured email message.

If you have any questions about “Heartbleed”, please contact Hills Bank at 1-800-445-5725, email me at ITGuy@hillsbank.com, or leave a comment below, and I’ll be happy to respond.

Josh Holst

About Josh Holst

Josh Holst is Vice President of Information Systems at Hills Bank’s Operation Center in Hills, IA. He has been at Hills Bank since 2002 working with systems and network administration, with a focus on customer service, security, business continuity, compliance, and operations. Josh can be reached at ITguy@hillsbank.com.


This entry was posted in News and Events and tagged , , . Bookmark the permalink.

2 Responses to Heartbleed Bug Vulnerability

  1. Kevin Thumma says:

    The main question that Hill’s Bank should answer is “Does Hill’s Bank use open source SSL”? “Has Hill’s Bank ever used open source SSL”? When will Hill’s Bank customers be notified that the appropriate open source SSL patches are installed and no future maintenace for this issue will be required?

    • Josh Holst Josh Holst says:

      Kevin, thank you for your comment. To answer your questions, Hills Bank does not host Open Source SSL, but we do have vendors who utilize Open Source SSL. We have been in contact with our vendors to confirm no vulnerable versions of Open Source SSL certificates are being used. At this time, we do not anticipate any future maintenance needs for this issue, and we can tell you that hillsbank.com, Hills Bank Online, and all of our Trust Investment logins did not have the Open Source SSL certificate that was vulnerable to the Heartbleed Bug.

      If you have questions about a specific product, you can call us during normal business hours at 1-800-445-5725.

Leave a Reply

Thanks for taking time to provide a comment or question! In order to keep your private information private and keep the conversation constructive, please keep the following guidelines in mind:

  • Please do not provide account specific details or personal information in your comments or questions. If you have account or service needs, please contact your Personal Banker at any Hills Bank location.
  • Comments will be reviewed and approved before appearing on our blog. Keep comments and questions relevant to the post you are responding to, and as always, keep comments respectful. Personal attacks, offensive language, or anything deemed inappropriate will not be approved to appear on our blog.
  • Under the Children’s Online Privacy Protection Act (COPPA), you must be 13 or older in order to comment on our blog posts.
  • Due to phishing - an identity theft method attempting to acquire personal information, we cannot accept links to other blogs in our comments.

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>