Dear Carbonite User,

As you may have seen in recent news, a major vulnerability has been exposed in OpenSSL, a popular web encryption software used widely across the internet. This vulnerability - dubbed Heartbleed - makes it possible for hackers to access information transmitted from your computer even though it is being encrypted via the HTTPS protocol.

Carbonite Personal and Pro subscriptions do not use the affected encryption software. Your personal data was never at risk. With Carbonite's Personal and Pro subscriptions, your data is protected by the following safeguards:

• Encryption: Your data is encrypted while on your computer and securely transmitted to our data centers, where it stays encrypted.
• Data centers: Our state-of-the-art data centers are guarded 24/7, employ temperature control and biometric scanners, and have backup generators in the event of a power disruption.
• Third-party compliance audit: We recently completed a six-month audit with an outside firm to ensure all of our practices meet the strict federal guidelines of HIPAA and the AICPA guidelines for SOC 2. The external auditor found that we met or exceeded the requirements.

If any of your other online vendors have been impacted by Heartbleed and you use the same password as you do for Carbonite, we recommend changing both passwords. Your Carbonite password should only be used for our service, and data security best practices state that a password should be at least 10 characters, with capital letters, numbers and symbols. For more on changing your password, please refer to the Knowledge Base.

Thank you for trusting us with your data.

Sincerely,

The Carbonite Customer Support Team