Business

Canada's banks say they are not affected by Heartbleed bug

A view of downtown Toronto from the CN Tower, away from Lake Ontario
A view of downtown Toronto from the CN Tower, away from Lake Ontario's waterfront.
— image credit: Wikimedia Commons (author Benson Kua/BMO)

Canada's banks say its customers' online information is safe from the just-discovered Heartbleed security bug, which has reportedly affected 500,000 servers and laid vulnerable sensitive "private data such as usernames, passwords, and credit card numbers" (CNET).

Heartbleed was publicly discovered – or unveiled – on Monday, and has reportedly existed for two years.

But on Wednesday, the Canadian Bankers' Association said none of the country's banks have been affected by the bug and then said, "Canadians can continue to bank with confidence."

"As part of a normal course of business, the banks actively monitor their networks and continuously conduct routine maintenance to help ensure that online threats do not harm their servers or disrupt service to customers," the CBA said.

"As always, bank customers should take the usual steps to protect themselves from fraud. This includes monitoring bank and credit card statements looking for any unusual activity, protecting PINs and passwords and changing PINs and passwords periodically."

TD spokesperson Barbara Timmins told Global News that their bank "is adding additional, layered security, so customers can conduct their banking securely and without their data being at risk."

Still, all online users have been advised to change the passwords and be cautious with their online activity over the next few days.

Heartbleed is "a massive vulnerability in popular web encryption software called OpenSSL" – according to Vox.com – and it has led to admitted affects on sites like Yahoo and OKCupid, although both companies say they are either fixing the bug or have fixed it.

Yahoo's properties also include its Homepage, Search, Mail, Finance, Sports, Food, Tech, as well as sharing/blogging entities Flickr and Tumblr.

(LastPass has posted a search field to determine if individual sites have been affected, or may be vulnerable.)

Vox reported on Wednesday that affected servers – through OpenSSL – make up approximately 66 per cent of those on the Web.

We encourage an open exchange of ideas on this story's topic, but we ask you to follow our guidelines for respecting community standards. Personal attacks, inappropriate language, and off-topic comments may be removed, and comment privileges revoked, per our Terms of Use. Please see our FAQ if you have questions or concerns about using Facebook to comment.

Community Events, September 2014

Add an Event

Read the latest eEdition

Browse the print edition page by page, including stories and ads.

Aug 29 edition online now. Browse the archives.