Heartbleed (OpenSSL) Vulnerability Information

Severn Savings Bank’s online banking, bill payment, and mobile banking services are NOT at risk to the Heartbleed (OpenSSL) vulnerability. Severn Savings Bank has verified (and tested) that all critical service provider websites are not at risk to the Heartbleed vulnerability, and that Severn Savings Bank’s customer information has not been exposed to this threat.

To recap recent news events relative to the Heartbleed (OpenSSL) vulnerability, on (or about) April 8, 2014, information security experts announced that a vulnerability (named Heartbleed) was found to be present on a large number of websites providing secure (https) services. Heartbleed exploits vulnerabilities in websites utilizing specific versions of website security software named OpenSSL. Websites utilizing the vulnerable versions of OpenSSL were found to be at risk of allowing unauthorized access to confidential information (e.g., user ids, passwords, security keys, user data). This information could be obtained without the knowledge of the user and/or the website’s operator.

Although Severn Savings Bank’s online services were not vulnerable to this latest information security threat, customers are advised to remain vigilant in protecting their personal financial information by routinely changing passwords for all online services they utilize (e.g., email, financial services, etc.). In addition, be aware that online threats such as email phishing or fraudulent phone calls (vishing) continue to pose a significant threat. Whenever possible, do not open suspicious emails and/or click on links imbedded in suspicious emails, as these are commonly linked to malicious software. In addition, be wary of providing personal information to callers requesting/demanding account information – reputable companies, including Severn, will not request personal financial information over the phone.