Our security team has verified that TDECU is safe and secure. Heartbleed is an OpenSSL vulnerability. TDECU uses other SSL solutions and we have verified that your information is not compromised. We continue to monitor our security networks for any new developments about the vulnerability and will provide updates on our website as needed.
Your TDECU Online Banking information is safe and secure. There is no need to change your Online Banking password because TDECU is not susceptible to the Heartbleed vulnerability. However, we always recommend that members periodically change their Online Banking password and use different passwords for different websites.
Here is more information about Heartbleed and steps you can take to avoid problems:
What is Heartbleed?
- Heartbleed is a vulnerability that impacts website servers using certain versions of OpenSSL, a security solution. Heartbleed is not a virus that impacts consumer devices.
- Websites with the Heartbleed vulnerability could be attacked by fraudsters, and your login credentials could be at risk.
- Unfortunately, there is no way to be sure a website is safe unless they tell you, either by contacting you directly or on their website. It is advisable not to log into accounts at affected sites until you're sure the company has patched the problem. If the company hasn't been forthcoming – notifying you that they are safe, confirming a fix or keeping you up to date with progress -- reach out to its customer service team for information.
- Your natural inclination might be to change passwords immediately, but our security experts suggest waiting for confirmation of a fix because further activity on a vulnerable site could exacerbate the problem. There is no need to change your Online Banking password because TDECU is not susceptible to the Heartbleed vulnerability; however, we always recommend that members periodically change their passwords and use different passwords for different websites.
- Once you've received confirmation of a security patch, change passwords for sensitive accounts like banks and email first. Even if you've implemented multi-factor authentication -- which, in addition to a password asks for another piece of identifying information, like a code that's been sent to you -- changing that password is recommended.
How do I know a website I use is affected?
- Unfortunately, there is no way to be sure a website is safe unless they tell you, either by contacting you directly or on their website. If the company hasn't been forthcoming – notifying you that they are safe, confirming a fix or keeping you up to date with progress -- reach out to their customer service team for information. Don't be shy about reaching out to small businesses you use to make sure they are secure. Be proactive about keeping your information is safe.
What else should I do?
- Keep a close eye on financial statements. Because attackers can access a server's memory for credit card information, it’s always advisable to be on the lookout for unfamiliar charges on your bank statements.
- Visit our Security Center for information about Internet security and learn more about protecting your personal and financial information.