Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

Website logo 275x60

Print | Email this page

Heartbleed advisory note

heartbleed1 edit

Researchers have discovered an internet vulnerability named Heartbleed. Until it is fixed, Heartbleed will make OpenSSL encrypted connections, which secure much of the internet’s information flows, insecure. New Zealand website owners should check their servers urgently and patch them if required.

Individuals should wait until servers are patched before changing their passwords, but should be prepared to change them within the next day or so. Adding second factor authentication, where available, will also improve security.

Principle 5 of the Privacy Act (or relevant privacy codes of practice) requires that reasonable steps to secure information be taken if you hold personal information. If your website is affected by Heartbleed and you are not taking steps to remedy this, then you are unlikely to be meeting your obligations under the Act.

If your servers were vulnerable and you have patched them, consider contacting your customers to prompt them to change passwords.

Further information on fixing the vulnerability can be found at the New Zealand Internet Task Force’s website.

There is also helpful information on the Netsafe website.

Back to top