“Heartbleed” Vulnerability Update

You may have been made aware, through media coverage, of a recently discovered online security vulnerability called the “Heartbleed” bug. This vulnerability is a major concern for any organization that provides secure communications online. Entrust Financial Credit Union treats the security of its members’ information as one of its top priorities. We regularly evaluate the methods and mechanisms used to protect that information. Any time a potential vulnerability is newly discovered, we evaluate our products, services, processes, and resources to ensure that we are appropriately addressing it.

We have been evaluating our services to determine whether any of them were vulnerable to the “Heartbleed” issue. We are pleased to report that none of Entrust Financial Credit Union’s internal systems were ever susceptible to the “Heartbleed” vulnerability. We did discover that one of the services involved in the authentication process for Online Banking was initially vulnerable, but it was patched within hours of the initial reports of the “Heartbleed” vulnerability. All security certificates used by this service have also been changed as an additional security measure.

Due to the nature of this vulnerability, Entrust Financial CU is taking steps to follow the best practices recommended by industry security experts and regulators. These recommendations include that financial institutions’ clients change their Online Banking login passwords after they have received confirmation from their financial institution that the vulnerability has been mitigated. It is also recommended that they delete all “cookies.”

Entrust Financial CU has worked with all its partners to mitigate any issues associated with the “Heartbleed” vulnerability. Entrust Financial CU will be expiring all Online Banking passwords on Monday, April 14, 2014, which will require a new password to be established upon the next sign-in. The complexity requirements for this password are:

  • 8 to 32 characters in length
  • Must contain at least:
    • One uppercase letter
    • One lowercase letter
    • One number

Should you wish to take further steps, it has also been recommended that you delete all your saved “cookies” through the appropriate browser’s security tools. This varies with each browser but is usually under the “Tools” menu or “Gear” icon.

Our Member Services Team and staff are available to assist you with resetting your password should you need assistance. You can reach them at mbrservices@entrustfcu.org or 804-353-8012, option 5, during our normal operating hours of 9:00 AM – 5:30 PM Eastern.

For additional resources regarding the “Heartbleed” vulnerability, please check out: