The National Security Agency flatly denied Friday a report that it has been aware for years of the Heartbleed computer glitch wreaking havoc on computer security around the world.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong,” NSA spokesperson Vanee’ Vines told TIME.
Earlier Friday, Bloomberg News published a report citing two anonymous sources alleging that the eavesdropping agency was aware of the Heartbleed glitch for at least two years before it was made public. Heartbleed is widely seen as one of the most significant computer security flaws in the history of the Internet and the NSA drew fierce criticism over the allegation that it failed to report the existence of the flaw and instead exploited it for spying ends.
“The NSA’s purpose is to protect Americans,” said PATRIOT Act author Rep. Jim Sensenbrenner (R—Wisc.). “But if media reports are accurate, rather than fixing the Heartbleed bug, the NSA exploited it to gather information, leaving Americans vulnerable to cyber-attacks. Once again, the NSA proved blind to the interests of every day Americans in its single-minded pursuit of information.”
The National Security Council also issued a public denial Friday that the NSA had prior knowledge of Heartbleed. “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong,” NSC said in a statement.