Although it is a widespread exploit that has been undetected for two years, whether or not a CGL policy covers data breaches allowed by Heartbleed should turn, simply, on whether the policy covers data breach at all...more
Threats to data privacy are not going away, but establishing appropriate security measures up-front, performing regular stress-tests on a security system, putting in place procedures to address a data breach and implementing...more
The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more