For the Ready2Apply Online Rental Application System, we took immediate action to ensure our servers and network appliances were patched and not vulnerable.
The security of your data and your applicants' personal information is our top priority. CIC is actively involved with the National Association of Professional Background Screeners. Their Data Breach Subcommittee released this helpful article:
There are hundreds of posts, stories and articles about this latest attack on data security. A quick summary is that the Heartbleed Bug gives hackers access to data from servers and equipment after that data has decrypted. That means hackers can pick up data like personally identifiable information (PII) as it moves across systems internally - behind your firewall.
While this bug was just recently discovered, the actual bug was introduced over two years ago. The bug is resident in the OpenSSL encryption code available during that 2-year period and has infected thousands of websites as well as networking hardware from (at least) Cisco and Juniper Networks.
What to do now
- Check sites on which you enter PII on to see if they are clear of this bug. A few sites to help with this and for more information are:
- If the site is clear, change your passwords.
- If the site is not clear, avoid the site and wait to change your password until the company has updated their systems.
- If the site is not affected, now would be a great time to change password anyway. Use robust formats with numbers, letters and symbols, and turn on two-factor authentication wherever possible.
- To check your own sites to determine whether they might be impacted by the Heartbleed bug click here. This tool will also help identify other security-related issues that might exist.
The identification of this bug more than 2 years after its introduction is a grim reminder that any organization working with personally identifiable information (PII) should have a sound data breach policy in place and approach this critical topic from the "when”, not “if" perspective.