CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Tech Industry

Glitch exposes bank customers' account information

First Virginia Banks' customer representatives receive complaints from people seeing other customers' banking information in their online accounts summary.

First Virginia Banks' customer representatives got an earful this morning from people complaining that they were seeing other people's banking information in their online accounts summaries.

The bank confirmed that between 3:30 a.m. and 6:30 a.m. PT, a file transfer error prompted by a programming problem led to widespread cases of account information slipping into other people's accounts.

Some customers were able to see the deposits and cleared checks of the bank's other account holders in their own online statements.

Most online banks use outside database software from Oracle or Sybase and technology from companies such as S1 and M&I Data Services to run their sites. The Falls Church, Va.-based bank licenses software from one company to track deposits, loans and other customer information and uses another company for online banking and bill payment services.

"There was a mistake in our code," said Jeff Tansill, the senior vice president at First Virginia Services, the data management subsidiary of the bank. "But the actual balances were not affected, nor was any of the customers' personal identifying information breached."

As banks try to establish credibility in the nascent online financial industry, security concerns have loomed large as programming errors and technology glitches have exposed the sector's weaknesses.

"It was good that it didn't show the other person's account number, but you have to admit they lose some credibility when I get to see transactions of other banking customers," said Tony Lee Huffman, who has been a client of First Virginia Banks' online division for about a year.

First Virginia Banks operates brick-and-mortar branches in Virginia, Maryland and Tennessee.

Earlier this year, NetBank sent one client a transaction confirmation slip of another customer, which included vital private information such as a Social Security number. And H&R Block shut down its online tax filing service after the company accidentally exposed some customers' sensitive financial records to other customers.

"This is the kind of thing that used to happen before, too, but the problem with being online 24/7 is that when you make a screwup like this, everyone finds out about it," said Robert Sterling, an analyst at research company Jupiter Communications. "Used to be that you could just be quiet for a couple days and fix it; that option doesn't exist anymore."