New Zealand credit unions were left vulnerable by the Heartbleed Bug that affected up to 17 per cent of secure web servers worldwide.
The bug is in software called OpenSSL that is used for encryption in a wide range of websites.
Large technology companies including Google and Facebook had been working to fix the bug before it became public knowledge on April 7, but some websites were left vulnerable.
New Zealand Association of Credit Unions chief information officer Deane Johns said he was advised of a vulnerability in the association's servers by internet security firm Symantec yesterday.
The vulnerability is in accessweb.co.nz, a login system shared between New Zealand's credit unions.
Heartbleed.com, a website set up to provide information on the bug says it can be exploited to find names and passwords of users on servers.
Johns said the association is unaware of any breach, but that a breach was possible.
He did not recommend Credit Union members take any action.
''It's not something that changing passwords will help.''
The association will update its servers tonight.