Bank of Travelers Rest Issues Response to Heartbleed Security Flaw

Bank of Travelers Rest learned on April 10th of the Heartbleed Security Flaw that is capturing attention in the media.  In response to the issue, we have taken the necessary steps to verify the security of the transmission of information between our customers and the bank as well as between our customers and any third party vendor that services our customers on our behalf.

Securing our customers' personal information is of primary concern to Bank of Travelers Rest.  We have verified that any vendor used by Bank of Travelers Rest either has not been affected by this flaw or is working to secure the "fix" to the problem. 

The information below will better detail this security flaw and how we are protecting you.

What is the hype?

The discussions of the Heartbleed issue are centered on a type of encryption known as OpenSSL.  This encryption is often used to secure exchanges between customers and merchants or between merchants and customers in the online environment.  Banks have been identified as one type of business that may use this type technology.  And while no issues have been identified, it is possible that when a merchant is using an OpenSSL encryption usernames and passwords, instant messages, emails and business critical documents and communication could be hacked.

Is there a fix?

Not all merchants and banks utilize this type of technology.  Other technologies for information exchange encryption do exist.  Additionally, not all merchants and banks utilizing OpenSSL are affected by the flaw.  The flaw has been identified in newer versions of the technology.  But for those who do use versions of OpenSSL that are affected, there is now a fix.  Appropriately named, FixedOpenSSL resolves the encryption flaw and reduces encryption hacking vulnerability.  Merchants and vendors, no matter their industry of service, are working to incorporate the fix.

What has Bank of Travelers Rest done about the problem?

Bank of Travelers Rests systems are not directly open to the problem.  That means our exchange of information between customers and the bank has not been utilizing OpenSSL.  However, we did identify that the potential may exist with vendors who exchange information with our customers on behalf of Bank of Travelers Rest.  Therefore, we have contacted each vendor who may have access to customer data and have asked them to confirm whether or not they were affected.  If our customers may be affected, we have asked for an official written response about how the vendor will close that security gap.  All have responded favorably and have either closed the gap or are in the process of doing so.

What does Bank of Travelers Rest recommend for customers?

While there is no indication that there is an immediate threat to customer data being exposed, the bank recommends that customers go through and change their passwords.  This is a good practice whether or not the user name and password are associated with a bank product or service.  By periodically changing your login information, you are adding a layer of protection to your login process and further safeguarding the access to accounts that contain personal information.

In addition, we encourage customers to always utilize secured Internet connections and to keep updated virus protection on personal devices used to access the internet.  Again, these suggestions help you further control the access and security of your personal transmissions between you and Bank of Travelers Rest or other online merchants with which you do business.

If you need more information....

Bank of Travelers Rest works to ensure that the most relevant services are engaged to protect the information you entrust to us every day. For questions, please email using our Secure Contact Form.  We suggest that if you wish to learn more about the topic, that you visit www.heartbleed.com.