Statement by the Alaska Bar Association
on the Heartbleed Bug
By now most of you have heard about the SSL security bug dubbed "Heartbleed." Regrettably, the Alaska Bar Association public website was among the many that have been affected by this vulnerability despite our security protocols and controls. Between approximately August 2012 and April 2014, any information exchanged between our website and its visitors has been potentially exposed. This includes credit card / payment information for CLE and DVD purchases. This does not include Bar dues payments on the myalaskabar.org website.
Due to our internal security procedures, credit card information is only used for the immediate authorization/purchase and is NOT stored anywhere in our system. The window of exposure for each transaction was infinitely small, and the risk of unauthorized access was minimal. However, as a precaution, we recommend that every website user that conducted an online purchase for CLE and DVD purchases on our website in last two years review their credit card statements and make sure that no unauthorized charges have occurred.
The Alaska Bar Association website does not store any usernames and passwords, and no personally identifiable information (outside of what's listed above) has been exposed on the website. We worked last week to patch the vulnerability, as well as test and verify the security protocols on our website. Rest assured that all information submitted on our website this week is safe and secure. We will continue to diligently monitor our servers to make sure that they continue to meet the highest security standards.
We apologize for the inconvenience this may have caused. Please feel free to contact us with any additional questions.
More information about the "Heartbleed" bug can be found here.
Alaska Bar Association