Heartbleed Security Risk
As a result of the recent media coverage regarding the Heartbleed security risk, the United States Senate Federal Credit Union wants to reassure you that we recognize the importance of maintaining the personal security and the integrity of our members’ finances. As a result, we are vigilant in providing guidance regarding any potential risks to you. CU AnyHour+ does not use open SSL which is vulnerable to this bug. Additionally, our public site, which is separate from CU AnyHour+, uses open SSL but was patched with the correction as of April 9, 2014.
Some of the information you receive from the internet may direct you to a “checker” to verify whether a particular website is vulnerable to the Heartbleed bug. We strongly advise against going to websites operating outside of the United States and its laws and regulations for matters like this as accessing them may put your personal information at risk.
If you have accessed a website with an unusual extension, we recommend that you take the following steps to ensure your computer is secure:
- Run multiple up-to-date anti-virus and anti-malware software solutions.
- Change all account passwords frequently as a matter of practice and especially after an infection has been identified and cleaned from your computer.
- Start using a password manager, especially if you're going to be changing some user logins over the next few days. A password manager makes it easy to generate randomized passwords using a combination of letters, numbers, and special characters. It also relieves you of having to memorize every one of those overly complex codes.
- Clear browser cookies, cache and temporary internet files.
- Do not save log-in information on your computer in any program.
- Remember, it’s never safe to log into your personal account while using a public Wi-Fi service.
To help prevent fraud, USSFCU strongly encourages you to always monitor your account(s) on a regular basis with mobile or CU AnyHour+ and review your monthly statements carefully. If you see any unauthorized activity you should notify us immediately by calling 202.224.2967 or 800.374.2758 (outside DC Metro area).