RDN Response to Heartbleed Vulnerability
April 11, 2014
Dear Valued Customer:
You may have recently seen or heard of an internet software vulnerability called the 'Heartbleed' bug. This vulnerability is within one of the most commonly used internet encryption and security protocols, OpenSSL. The vulnerability allowed an access point through which user data could be exploited.
KAR Auction Services and its subsidiaries, including ADESA, IAA and AFC ("KAR"), do utilize OpenSSL for their internet encryption; however, the version in use within KAR is not among the affected versions. Currently, KAR is utilizing version 1.0.0 of OpenSSL. As such, KAR has verified protection from the Heartbleed vulnerability.
For your assurance, we have taken the following steps.
1. Surveyed all externally and internally facing infrastructure for OpenSSL executables to ensure there are no vulnerable versions in use.
2. We have been in contact with KAR’s vendors and have determined that none of our infrastructure is vulnerable to the Heartbleed bug.
3. Implemented and enabled active Heartbleed protection in our firewall infrastructure.
4. Taken extra steps to increase monitoring for the Heartbleed vulnerability.
5. Conducting ongoing external risk scans to ensure all external-facing systems stay secure.
KAR takes all security threats very seriously and works continuously to ensure our customer data is safe and secure. Thank you for your continued support of KAR.
Sincerely,
Stacy Mill
Director of Information Risk
KAR IT Shared Services
13085 Hamilton Crossing Blvd.
Carmel, IN 46032
Office: 317-249-4401