Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Heartbleed bug

11 April 2014

The Heartbleed bug has put personal information held on many systems running OpenSSL at risk.

The Office of the Australian Information Commissioner (OAIC) reminds all entities covered by the Privacy Act that they must take reasonable steps to protect the personal information they hold.  

Part of those obligations would include regularly monitoring the operation and effectiveness of their ICT security measures to ensure that they remain responsive to changing threats and vulnerabilities and other issues that may impact the security of any personal information they hold.

Where a vulnerability has been identified, patches and software upgrades should be rolled-out as soon as possible.

Once organisations have patched the Heartbleed vulnerability, the OAIC strongly encourages them to assist their users to change their passwords.