"Heartbleed Bug" Information
Online security experts have discovered a bug, or flaw, called the “Heartbleed Bug” in the OpenSSL software used to encrypt many data transactions made online. This bug allows attackers to retrieve sensitive information such as usernames, passwords and credit card details from websites running the affected versions of the software.
Capital City Bank online banking, mobile banking and debit card applications do not use this software and, therefore, have not been affected and may be used normally. Nevertheless, we encourage all clients monitor their accounts for any suspicious activity and contact the Bank should they detect any suspicious transactions. We also recommend that clients not use the same password on multiple websites, especially related to online banking or online purchases.
Protecting the safety and security of client information and our systems is a top priority, and we will continue to monitor all of our systems. To learn more about this Internet vulnerability and how you can protect yourself online, read these Frequently Asked Questions.
Frequently Asked Questions
What is the Heartbleed Bug?
Heartbleed is a “bug” or flaw in the programming on secure websites that allows attackers to retrieve sensitive information such as usernames, passwords and credit card information. It affects the encryption technology – called Open SSL – used by most web servers to secure users’ personal or financial information. It is behind many “https” sites that collect personal or financial information. Basically, it provides a secure connection when you are conducting a transaction or sending an e-mail online.
Am I affected?
Most active users of the Internet have likely been exposed, since a majority of websites – including Facebook, retail and even government sites – use the Open SSL software. But several major sites, like Amazon, have already installed patches.
Are my Capital City Bank accounts safe?
Since learning of the Heartbleed Bug, our third party vendors have taken a number of additional precautions to protect our systems. Our online banking, mobile banking and debit card application providers do not use OpenSSL to encrypt user information and, therefore, are not affected. You may continue using your debit cards, online and mobile banking as usual.
Client security is among our top priorities. Ensuring clients have a safe and reliable environment to conduct their banking is a responsibility we take seriously, and we employ a number of security standards, encryption, and fraud detection software to safeguard client accounts and information. We have no indication that this vulnerability has been used against our systems, but we continue to monitor accounts closely.
In addition, consumers are always protected against unauthorized transactions.
What can I do?
Having good online security is always advisable, whether reading e-mail, logging into bank accounts or making purchases online. The following will go a long way to helping ensure your safety against online threats:
- Update your bank password every few months.
- Do not use the same password on multiple websites, especially related to online banking or online purchases.
- Monitor your account regularly and report suspicious transactions to the Bank immediately at 888.671.0400 or email@example.com.
- Beware of phishing scams – or e-mails with malicious links – that will attempt to get additional sensitive information from you. Capital City Bank and no other legitimate business will ever call, e-mail or text you and ask you to provide sensitive information, such as login credentials, account numbers and Social Security numbers.
Check to see if you have accounts on websites that are vulnerable by visiting the following:
o "Heartbleed Hit List" - listing of some popular websites and their vulnerability status
o "Heartbleed Test" - tool for checking status of individual websites
*Adapted from information provided by the American Bankers Association