Credit Unions Alert Members to Heartbleed Risk
A number of credit unions posted an alert on their websites to keep their members informed. Typically, these are wide, highly visible banners at the top of their homepage. For example, First Community Credit Union (Chesterfield) added a bright yellow banner that links to a page that included details of the Heartbleed bug. See example at right.
Mazuma Credit Union (Kansas City) added a banner to their homepage and linked it to #heartbleed. View it here.
In an effort to reach more members, several credit unions have shared the alert from their social media accounts, such as Facebook and Twitter. Members reacted positively to these posts—a few even thanked these credit unions for being so vigilant and protective of their members.
For example, Community Financial Credit Union (Springfield) shared an article from Mashable about Heartbleed on their Facebook page. They also stated that they had confirmed that their data center was not vulnerable to the bug.
This effort was intended to help reassure members, and even garnered some thanks from their Facebook fans. One member stated, "Thank you Community Financial for taking care of us." See example at right.
“In general, credit unions may want to consider reassuring members via email or websites regarding the steps your credit union has taken to assess risk and the measures used to secure your site,” says Don Cohenour, president and CEO of the Missouri Credit Union Association (MCUA). “Other helpful information for members is what they can do individually to help protect themselves, such as checking security of all sites they use and being proactive in password and virus protection.”
MCUA developed a newsletter article about the Heartbleed bug and how consumers can protect themselves. Click here for the newsletter article, which credit unions are welcome to use for their publications. The information will also be distributed to members of the Missouri General Assembly as part of MCUA’s weekly financial tip to lawmakers.
The Heartbleed bug was discovered on April 7 and is a security flaw in OpenSSL software. It is estimated that Heartbleed affected nearly two-thirds of encrypted websites. For more information about recommended steps to protect credit union systems, click here.