Security TEAM Tips: Protect yourself online by educating yourself. Click here to access our Security Training, Education and Awareness Module featuring dozens of informative articles. Visit TEAM now.
GHS is aware that Home Depot is investigating the theft of credit and debit card data from its stores.
GHS provides member protections against fraud with security layers such as sophisticated fraud detection processes and Visa’s Zero Liability Policy. To receive fraud protection under the Zero Liability Policy, you must notify us immediately of unauthorized use. At this time there is no need to call GHS or cancel your cards. We do recommend you monitor your account activity regularly. If it is determined that your card is at risk, we will notify you and send you a new card by mail. If you receive a new card, please activate it immediately and destroy the old card. If you would like more information in regards to the Home Depot breach, please visit their website at www.homedepot.com.
GHS is aware of a text message scam that is stating your card has been deactivated. Please do not respond to the number provided as they may be phishing for your personal account information. If you have questions or concerns regarding your cards, please call GHS directly at 607-723-7962. As always, GHS will not contact you by email or text message regarding the status of your cards. Remember to guard your personal information and contact us directly if you feel your accounts may be at risk.
GHS has confirmed that our website and remote banking services are not affected by the Heartbleed bug. Your accounts are safe.
Here is what you should know about the Heartbleed bug vulnerability and what GHS is doing to protect our members.
Details About The Heartbleed Bug
You may have heard the news reports regarding the security vulnerability called Heartbleed. The Heartbleed Bug affects OpenSSL- an open source software widely used to encrypt Web communication.
What is the Heartbleed SSL Vulnerability?
The Heartbleed bug gives hackers the ability to extract the contents from a server's memory, where some sensitive data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys then use that to impersonate servers or to even decrypt communications from the past or potentially the future.
It is important to understand that the Heartbleed bug is not within your personal computer or your phone—it's in the software that powers the services you use.
How Does It Work?
During a secure connection, a computer may occasionally request a response from the server in order to make sure they are still securely connected. They do this through a heartbeat, a small packet of data that asks for a response. The Heartbleed bug vulnerability works by disguising itself as a heartbeat, which tricks the server at the other end into sending data stored in its active memory.
Who Is Affected?
Since the vulnerability has been in OpenSSL for about two years, and the majority of websites, email services, chat services, and a wide variety of apps across all platforms are powered by technology built around SSL, most internet users are affected. Most major service providers are already updating their sites, so the bug will be less prevalent over the coming weeks.
Was GHS Affected?
GHS Federal Credit Union was not affected by the Heartbleed bug vulnerability. Your accounts are safe.
At GHS, we take a proactive approach to protecting the safety and confidentially of our member’s accounts by ensuring that we are using the latest and most secure technology available. Although we do use OpenSSL technology, it is this proactive approach that kept us from being affected.
We have contacted all of our partner networks asking for status updates. They have confirmed that they were either not reliant on OpenSSL for security, or that they were not using compromised versions of OpenSSL.
Do Our Members Need to Take Action?
GHS Member Accounts have not been affected, however we always encourage members to routinely change their passwords and to continue to take proactive steps towards protecting their personal information from fraud. We are also encouraging members to be cautious of what sites they visit, sign on to, and what links they click since these maybe unsecure.
More information on the Heartbleed SSL can be found at http://www.heartbleed.comand at the CERT website at http://www.kb.cert.org/vuls/id/720951