Financial Tools

News & Alerts

 

CSRA & ACU Shred Days

 
Join us for the following FREE Shred Days. Bring up to five bags/boxes of unwanted personal documents for a FREE on-site shredding to help promote Identity Theft Protection. Safely dispose old and unwanted documents. The events are open to the public! Please no 3 ring binders or large binder clips.
·         Saturday, April 26 - 2574 Tobacco Road Branch, Hephzibah, GA from 9:00 AM until 12:00 PM
·         Saturday, May 17-  5032 Old Grant Road, Ellenwood, GA from 9:00 AM until 12:00 PM
·         Saturday, June 14- 867 Buford Drive, Lawrenceville, GA from 9:00 AM until 12:00 PM

 Update April 17

SECURITY UPDATE: Heart Bleed Bug
 

Please read the security update below from our Web site provider. Your Online Banking is safe and secure.

 
On April 7, 2014, security researchers announced a recently-discovered vulnerability called Heart Bleed. By exploiting this vulnerability, attackers could access sensitive data, compromising the security of the server and its users. 
Digital Insight is aware of the Heart Bleed Bug  and has taken steps to evaluate whether there is impact.
 
End users are reading media reports that say that all online banking websites are vulnerable. We do not believe there is an impact to our Digital Insight Online Banking websites. However, we are working with third party vendors on assessment of the services we provide to you from them.

Here's why we are confident Digital Insight Online Banking websites are not vulnerable:
-       The encryption Digital Insight uses for load balancers on Online Banking does not use the OpenSSL library that is the source of the vulnerability. 
-       Digital Insight has never used this version of the OpenSSL library. 
-       We have validated that our servers do not use the heartbeat extension. 
-       We have taken additional steps, scanning to validate information for each financial institution customer

 

 SECURITY UPDATE: Heartbleed Bug 

 

This  update after our initial communication provides additional information for the Heartbleed bug (CVE-2014-0160) disclosed on April 7.

We have completed testing of all our connections to financial institution customer sites and have found no known issues.  There are no known data breaches or user compromises on Digital Insight systems.  We continue to remain alert and work with our third party vendors to confirm that they have tested their systems regarding the Heartbleed bug
.
Additional Third Party Updates
Since Update #4, more third party vendors have reported that they have tested their systems and have found no issues, though they may continue to investigate.

Should any third party vendor identify that that a vulnerability exists within their service which is provided to you through Digital Insight, we will notify you and provide recommend actions if necessary.

Answers to Commonly Asked Questions
Below are the most commonly asked questions that we are hearing from our customers.

Does Digital Insight use a version of OpenSSL that is vulnerable to the Heartbleed bug?
No. 

Was FinanceWorks affected?
No. Digital Insight services were not affected.

What about , are they vulnerable to the Heartbleed bug? 
We continue to work with the rest of our third party vendors and will provide information on these vendors as it becomes available.

My end user called and says he/she thinks our site is vulnerable.
Digital Insight does not use a version of OpenSSL that is vulnerable to the Heartbleed bug. There are many tools available and end users are trying them and identifying false vulnerabilities. While Digital Insight does not endorse any tool, the "official" tool we are aware of is http://filippo.io/Heartbleed.

Should I have my users change their passwords?
For third parties reporting a vulnerability or a "fixed" vulnerability not associated with Digital Insight, it is critical that financial institutions follow remediation instructions carefully.  Our concern is that some customers use the same user name and password for multiple sites.  Therefore, it is essential that customers update their passwords not only for the third party site where the vulnerability existed but for all sites where that same credential may have been used.

Do we think there will be additional vulnerabilities?
If new information about Heartbleed becomes available to us, we will continue our assessment and will keep you informed if we identify additional potential impact to Digital Insight.

Our Next Steps:
•        We continue to work with all of our third party vendors to validate steps taken on their assessments.
•        We will provide updates as new information becomes available, at least once a week.

 

Equal Opportunity Lender

Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency.
Site Map  |  Privacy  |  Disclosures  |  Security  |  Help