Skip to content

Canada's banks say they are not affected by Heartbleed bug

'Canadians can continue to bank with confidence,' says Bankers' Association, while major sites like Yahoo and OKCupid were affected.
97514BCLN2007800px-BMO_-3770494971
A view of downtown Toronto from the CN Tower

Canada's banks say its customers' online information is safe from the just-discovered Heartbleed security bug, which has reportedly affected 500,000 servers and laid vulnerable sensitive "private data such as usernames, passwords, and credit card numbers" (CNET).

Heartbleed was publicly discovered – or unveiled – on Monday, and has reportedly existed for two years.

But on Wednesday, the Canadian Bankers' Association said none of the country's banks have been affected by the bug and then said, "Canadians can continue to bank with confidence."

"As part of a normal course of business, the banks actively monitor their networks and continuously conduct routine maintenance to help ensure that online threats do not harm their servers or disrupt service to customers," the CBA said.

"As always, bank customers should take the usual steps to protect themselves from fraud. This includes monitoring bank and credit card statements looking for any unusual activity, protecting PINs and passwords and changing PINs and passwords periodically."

TD spokesperson Barbara Timmins told Global News that their bank "is adding additional, layered security, so customers can conduct their banking securely and without their data being at risk."

Still, all online users have been advised to change the passwords and be cautious with their online activity over the next few days.

Heartbleed is "a massive vulnerability in popular web encryption software called OpenSSL" – according to Vox.com – and it has led to admitted affects on sites like Yahoo and OKCupid, although both companies say they are either fixing the bug or have fixed it.

Yahoo's properties also include its Homepage, Search, Mail, Finance, Sports, Food, Tech, as well as sharing/blogging entities Flickr and Tumblr.

(LastPass has posted a search field to determine if individual sites have been affected, or may be vulnerable.)

Vox reported on Wednesday that affected servers – through OpenSSL – make up approximately 66 per cent of those on the Web.