The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more