Privacy Monday - April 14, 2014: Heartbleed Headaches

Last week was certainly the "week of the Heartbleed." Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet.

If you do not know whether your servers are affected by Heartbleed, or have decided not to do anything about it, perhaps you should consider the potential for future liability arising out of breaches that could have been avoided by patching OpenSSL, and you may want to read this, and forward it to your C-suite.

If you have already checked your servers and feel relieved, you may want to check with other providers in your technology stack. For example, Cisco and Juniper Networks were scrambling last week to notify customers and issue patches for products and software. Cisco and Juniper said the security flaw affects routers, switches and firewalls often used by businesses. That means hackers might be able to capture usernames, passwords and other sensitive information as they move across corporate networks, home networks and the Internet. Cisco created an Event Response Page and Juniper has an "Out of Cycle Security Bulletin."

Rather than our usual "bits and bytes" on this Monday, below is a collection of articles on Heartbleed.

And Mashable has a great piece with a matrix of sites and whether you should change your password just yet.

Messaging to customers and site users is important and should be well coordinated among technical, communications, and legal teams. Inaccurate, late-to-the-party, or misleading messaging could lead to Heartbleed headaches.



Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.