April 14, 2014

On April 7, 2014, security researchers disclosed a flaw in certain versions of OpenSSL software that is used by some websites to encrypt communication between a web browser and a server. This flaw has been named the Heartbleed bug and has been widely publicized.

In response to this vulnerability, we have taken the following actions:

• Verified that all webservers used by Herring Bank are not susceptible to this bug. Our servers do NOT use the versions of OpenSSL that are vulnerable to Heartbleed.
• Verified with vendors providing services to Herring Bank and our customers that they have no indication that Heartbleed has been used against their systems and that they have taken steps to ensure that they are not vulnerable to this exploit.

Security experts recommend the following actions to all internet users:

• Contact online services that you use and verify that they are either not affected by Heartbleed or that they have taken steps to address the vulnerability.
• Change all of your passwords for those online services. When changing your password choose secure passwords and use different passwords for each website.
• Monitor your accounts for suspicious activity

If you have any questions please contact the Customer Contact Center at 866-348-3435.