April 9th, 2014

Security Update: Heartbleed Bug

On April 7, 2014, security researchers announced a recently-discovered internet vulnerability called Heartbleed. By exploiting this vulnerability, attackers could access sensitive data, compromising the security of the affected servers and their users. At this time, it is unknown whether the vulnerability has been exploited by malicious internet users.

SMCU is aware of the Heartbleed Bug and is taking steps to evaluate whether or not our online services are affected. At this time, we do not believe there is an impact to Online Banking. However, we are working with third party vendors on assessment of the services we provide to you.

Here’s why we believe Online Banking is safe to use:

  • The encryption our Online Banking provider uses does not use the OpenSSL library that is the source of the vulnerability.
  • Our Online Banking provider has never used this version of the OpenSSL library.
  • We have validated that our Online Banking provider’s servers do not use the heartbeat extension.

We will keep you updated on this issue as we learn more.

5 Responses

  1. Dana Briggs says:

    I think it would be very prudent for this information to be sent to all members with email addresses. For those without, a letter is very appropriate.

    • SMCU says:

      Thanks for your suggestion, Dana. We are keeping a very close eye on the situation. As more information becomes available we will definitely communicate it to the membership in the appropriate medium.

  2. Concerned Customer says:

    i agree with dana! i’ve only seen one email from any company saying that they’ve even acknowledged the issue.

    an email from ALL companies, esp. a bank, should be sent out, giving an update on what is being done, not just a notice on the website. :-(

  3. Barbara Rakes says:

    I received an email in my personal email account from voice@smcu.com. Is this safe to open or a scam?

    • SMCU says:

      Great question, Barbara! The email is safe to open. Voice@smcu.com is the email address we use to communicate with our members, so you can add it to your contacts if you’d like to make sure the emails go to your inbox instead of your spam folder.

      When in doubt, it’s always best to ask first. We appreciate you taking the time to check with us on this.