Notices to Members

2022 | 2021 | 2020 | 2019 | 2018 | Show more years

Notice I-14-10

April 11, 2014

Information Regarding the "Heartbleed" Security Issue

Recent news reports have raised serious concerns about an Internet security vulnerability that is now being commonly called "Heartbleed." Safeguarding Member data is a top priority at NFA, so we continuously monitor our systems to ensure effective security. NFA has examined its systems and has determined that the NFA website, including the ORS and EasyFile systems, is not vulnerable to the Heartbleed security flaw.

Heartbleed affects OpenSSL—a cryptographic protocol used to encrypt private Internet traffic. If left unpatched, this vulnerability could be exploited to reveal potentially sensitive data over the internet that should otherwise be encrypted. NFA's web servers do not use the version of SSL that was vulnerable to Heartbleed. Consequently, we currently see no need to reset passwords or update certificates at this time.

NFA will continue to work both internally and with its IT vendors to identify any potential areas of susceptibility. As details on the depth and extent of this vulnerability continue to be revealed, NFA will notify its Members if NFA discovers that any Member data may have been compromised or if Members need to take any further action.

Subscribe to NFA Email Communications