Yesterday, a serious vulnerability dubbed “Heartbleed” was uncovered and publicly disclosed by security researchers. This vulnerability exists in certain versions of Open SSL, a widely used cryptographic library that enables SSL (Secure Socket Layer) and TSL (Transport Security Layer) encryption.
The vulnerability relies on a bug in the implementation of Open SSL’s “heartbeat” feature, hence the “Heartbleed” name. When exploited, this vulnerability enables an attacker to trick a system into revealing chunks of data residing in its memory. This attack can lead to a server leaking private SSL keys, usernames/passwords, and other sensitive data. Many well known sites have been reported as vulnerable to attack.
First Financial’s website and system utilizes network load balancers, which manage SSL encryption and decryption for our member information and data. These load balancers operate in a different Open SSL platform that is not vulnerable to this bug.
Should you have any further questions or concerns regarding this matter, please contact Member Services at 866.750.0100 or email firstname.lastname@example.org.