Vanguard safe from the "Heartbleed" bug
April 12, 2014
You may have heard about the "Heartbleed" security flaw that has exposed some websites to attackers. Vanguard takes threats like this very seriously, and we're confident that Vanguard's websites are not, and have not been, subject to this vulnerability.
What is Heartbleed?
Heartbleed was discovered in OpenSSL, the data encryption standard used by a majority of websites around the world—including Vanguard's—to transmit information securely. It lets attackers steal confidential data without being noticed, including passwords, bank account information, stored files, and Social Security numbers. Since the bug was discovered, many websites have taken steps to address the flaw.
How is Vanguard responding?
Vanguard has always taken aggressive measures to guard our internal data systems and our clients' personal information. After a thorough review of our security systems and procedures, we can assure clients that their accounts and confidential information are fully protected against the Heartbleed vulnerability.
We will continue to monitor the situation and will take all necessary steps to safeguard our clients' data.
What should I do?
The most important thing you can do to protect yourself online is to have strong, unique user names and passwords for all the websites you use. This article contains simple tips for keeping your personal information safe.
Some clients have asked us if it's necessary to change the passwords they use to log on to vanguard.com. Our view is that it's always a good practice to change your password periodically, and to use different passwords for every site you visit—especially banking and investment sites.
For more information about our efforts to safeguard our clients' information, and how you can protect yourself, visit our Security Center.