Microsoft™ is working to repair a weakness in its Internet Explorer® Web browser that was revealed over the weekend of April 27 by security experts. The researchers discovered that hackers have exploited the bug and created a new type of attack. This bug affects all Internet Explorer browsers, versions 6 through 11. It does not affect Google Chrome™, Mozilla Firefox®, or Apple Safari® browsers.
The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found.
This is how the bug works: Hackers set up a website that installs malware on your computer when you visit that website. If you're tricked into visiting the website while using the Internet Explorer program, malware seeps into your computer and gives the hacker total control. In most cases you may not even notice. Anyone in control of your computer can then spy on everything you do.
It is strongly recommended that anyone currently using Windows XP® upgrade to a more recent version of Windows, because Microsoft no longer supports that operating system with security patches.
While Microsoft works on patching the bug, its engineers suggest running your browser in "Enhanced Protect Mode" by selecting Tools/Internet Options/Security/Enable Protected Mode.
If you use Internet Explorer, the easiest solution is to download and use another browser, such as Chrome or Firefox, until such time as Microsoft releases a patch.
We will continue to pro-actively monitor the situation and provide updates as needed.
Early on Tuesday the 8th, Enhanced Software Products, inc. (our core processing vendor) discovered a new vulnerability as a part of its daily security procedures. This vulnerability is called Heartbleed, and could potentially allow theft of information from affected websites. They patched it by 9am on Tuesday morning, and investigated the scope of its risk. Online and mobile banking were not directly affected.
While we do not believe that member information was compromised directly through our website or through online banking, you may have used other services that were. For example, if you use Yahoo as your Online Banking recovery email, that account may have been compromised — as Yahoo was severely affected by the bug — and thus you should reset your credentials on both Yahoo and Online Banking. If you used the same password for Online Banking as you do for other sites, you should also strongly consider changing it.
Please let us know if you have any questions.