May 01, 2014

Pew: Heartbleed warnings worked

May 2, 2014 – According to a study from the Pew Research Center's Internet and American Life Project, a majority of Internet users who were aware of the Heartbleed security flaw took action and changed their passwords.

The report showed that 64 percent of Internet users, and 60 percent of all Americans, were aware of Heartbleed, and 39 percent of Internet users took steps to protect themselves by changing passwords or canceling accounts. That amounts to 61 percent of the Internet users who knew about Heartbleed taking action.

Center Director Lee Rainie told The Washington Post, "I think it's a pretty striking number … In other words, the majority of Internet users who had heard of the problem took a pretty significant step to address it."

According to the report, 29 percent of respondents believe their information was put at risk but only 6 percent said they believe their information was stolen.

Heartbleed is a security flaw that affects Web servers using OpenSSL, an open-source implementation of the secure sockets layer (SSL) and transport layer security (TLS) protocols commonly used to protect data in transit. The Federal Financial Institutions Examination Council has urged credit unions and banks to take steps to mitigate the effects of the flaw.

NAFCU is continuing to monitor this issue and its impact on member credit unions. As concerns grow unabated about cyber threats and data security, the association is also continuing to press for legislation that would require merchants to adopt data security and breach notification standards similar to those required of financial institutions under the Gramm-Leach-Bliley Act.