USAA says data safe from ‘Heartbleed’ bug

USAA says data safe from ‘Heartbleed’ bug

In light of the recent “Heartbleed” security bug, USAA is alerting its members that there is no evidence that the financial services provider or its members have been affected. Heartbleed is a flaw found in software that is widely used to enable secure access to websites.

In a news release, USAA — The American Legion’s preferred financial services provider — says its security certificates have been replaced twice since the Heartbleed outbreak was publicized on April 7. Akamai, the hosting provider for usaa.com, implemented security patches on April 4 before the flaw was made public. A second update followed an announcement by Akamai that it identified a group of servers that did not receive the initial Open SSL patch for the Heartbleed bug.

USAA has no indication that its earlier security certificates had been compromised by Heartbleed or that Akamai’s disclosure impacts USAA directly, the release stated.

USAA says it has aggressive fraud detection programs in place, which are designed to detect any unauthorized activities. Based on information gathered by USAA’s fraud detection programs, the security team has not seen any increased threat activity due to the Heartbleed vulnerability.

Still, USAA encourages members to change their passwords. Here are some tips when you change your password:

• Use our password strength indicator.

• Create a strong password that has a combination of letters, numbers and punctuation.

• Make it different from your other passwords.

• Don’t write it down in a visible place.

• Don’t use words or names.