Heartbleed Bug – Important Information About The Security of Your Data
We have been closely monitoring the Heartbleed bug — a vulnerability to a version of OpenSSL security encryption software commonly used by websites around the world. In response to this bug, all servers containing confidential data were inspected and reviewed for vulnerability by FRT’s managed security services providers. The result of the review process is a clean bill of health as it pertains to Heartbleed. No confidential information contained within FRT’s systems, including trading histories, has been exposed.
FRT’s Online Client Portal is the only application with potential exposure to Heartbleed. FRT emphasizes that the client portal is logically and physically separate from its primary database and claim processing application. Confidential information and trading histories are not stored on the client portal. Therefore confidential information and trading histories remain secure.
The risk to the Online Client Portal, though quite remote, involves information that passes through servers maintained by the vendor hosting the FRT Online Client Portal site. The vendor responded promptly to this threat by installing a security patch before news of the bug was made public, and they continue to evaluate and address potential risks.
To secure the Online Client Portal against future exposure to Heartbleed, FRT has taken the additional measure of rekeying its SSL certificate, at the recommendation of the hosting service for the site. Though we have no information to suggest that your password for the Online Client Portal has been compromised, we recommend FRT Client Portal users take the following steps out of an abundance of caution:
- Change your password in your account profile, by logging into FRT’s Online Client Portal and navigating to the “Manage Account” page.
We further encourage portal users to practice safe Web usage at all times by changing login information periodically. Always use strong passwords that contain a combination of uppercase letters, lowercase letters, numbers and symbols, and use unique passwords for different sites.
Financial Recovery Technologies maintains aggressive and multi-layered information security protocols, all of which are designed to protect our clients. We will continue to monitor this situation very closely, and take all necessary steps to safeguard your data.