[BreachExchange] Kiwibank customers still facing money access issues following cyberattack
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Mon Sep 13 08:29:48 EDT 2021
https://www.msn.com/en-nz/news/national/kiwibank-customers-still-facing-money-access-issues-following-cyberattack/ar-AAOmPvQ
Kiwibank customers are still facing internet banking and app issues five
days after a distributed denial of service (DDoS) attack first took out its
website.
The New Zealand state-owned bank had issues last week during the
cyberattack, along with ANZ Bank, Metservice and NZ Post.
And while ANZ customers had ongoing issues until the weekend, it had
appeared Kiwibank's problems had been resolved. But that wasn't the case.
A social media update from the company this morning said it was "expecting
Internet Banking and our App to be intermittent today".
"Some customers may be able to access our services and some may have issues
from time to time. We’re continuing to work on this as our priority."
That followed users on Reddit sharing stories on how access over the
weekend had been problematic.
On its Facebook page today Kiwibank acknowledged the challenges and
frustrations customers have faced.
"We really do appreciate the patience and support you have shown while we
work around the clock to get our services back up and running.
It also asked customers to keep the likely access problems in mind and plan
ahead with regards to any payments or transfers needing made. However it
has pledged to reimburse any customer who has been charged extra due to the
cyberattack.
"We will reverse any fees our customers have incurred due to the outages
which include phone banking and dishonour fees. Any fees that may have been
charged will be refunded."
While some customers understand the nature of the attack means the issues
can be outwith the bank's control, others are less sympathetic.
"C'mon on Kiwibank. I have urgent business banking to do, and every time I
log in it boots me out again. The ongoing disruptions are unacceptable,"
one wrote.
Another described it as "infuriating".
"You make SO much money from your customers - the least we expect is to be
able to access our own money."
DDoS cyberattacks aim to restrict and impair access to computer systems,
says CERT NZ, the Government's cybersecurity agency.
"They typically target servers to make websites and payment services
unavailable - preventing legitimate users from accessing the online
information or services they need," the CERT website says.
It does so by flooding a website with fake requests in order to overload
the system. With websites and networks only able to process a certain
amount of requests at any one time this causes issues for those trying to
access the site.
Last week's DDoS attack happened just a few days after large parts of New
Zealand's internet were down due to a similar attack on a Vocus customer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210913/dc8cd5b8/attachment.html>
More information about the BreachExchange
mailing list