Quantcast

Federal regulators tell banks to address ‘Heartbleed’ risk

By Reuters
Thursday, April 10, 2014 17:50 EDT
google plus icon
'Computer security' [Shutterstock] http://tinyurl.com/mcmv5p7
 
  • Print Friendly and PDF
  • Email this page

WASHINGTON (Reuters) – U.S. financial regulators on Thursday told banks to upgrade their systems as soon as possible if they are vulnerable to the recently uncovered “Heartbleed” bug, which exposes data to hackers.

The Federal Financial Institutions Examination Council, an interagency group that includes the Federal Reserve and the Federal Deposit Insurance Corp, said banks also should set up temporary patches for any systems using the Web encryption program known as OpenSSL and warn their outside service providers to take action.

Researchers said this week they found evidence of hackers scanning the Internet in search of Web servers running the widely used encryption program.

The bug, which apparently has existed since 2011 but was only recently discovered, means many websites could be vulnerable to theft of data including passwords and credit card numbers.

“Attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email, or gain access to internal networks,” the Federal Financial Institutions Examination Council said in its warning to banks.

The group said after banks patch their systems, they should consider telling customers and administrators to change their passwords.

(Reporting by Emily Stephenson; Editing by Steve Orlofsky)

[Image: "Computer Security," via Shutterstock]

Reuters
Reuters
Reuters.com brings you the latest news from around the world, covering breaking news in business, politics, technology, and more.
 
 
 
 
By commenting, you agree to our terms of service
and to abide by our commenting policy.
 
Google+