Last week saw an uptick in the number of reported IT problems, slip-ups, and complications. Among the more mind-boggling was the revelation that Fifth Third National Bank of Cincinnati informed its customers last week via a letter that, “We inadvertently reported that you filed bankruptcy to the following [four major U.S.] credit bureau reporting agencies.”
What the Fifth Third National Bank’s letter didn’t tell its customers was that their "bankruptcy" status was sent to the credit bureaus Experian, TransUnion, Equifax, and Innovis last October because of an erroneous software update to its IT systems. The bank found the error in November, but it wasn't fixed until December. The letter also didn’t explain why the bank decided to wait until last week to inform its customers of the problem.
Fifth Third National Bank refused to tell inquiring news agencies exactly what happened, nor how many of its customers the bank falsely reported were in bankruptcy proceedings; it would only say it was a “limited” number. However, a couple of news reports placed the number at over 20 000.
The bank did put out a statement saying that it corrected the false information with the four credit bureaus, and that if a customer did not have a credit issue before receiving the letter, they “should” not have one now. It also stated that, “The accuracy of our customers’ credit history is important to us, and we will ensure that no customer will suffer negative impact.”
Well, maybe no new credit problems because of the October foul-up, that is.
For those long time readers of the Risk Factor, you may remember that Fifth Third Bank was fined over failing to follow established security protocols in the massive TJX VISA credit card breach in 2007.
Major Credit Payment Outage Hits Israel
At first, it looked like a major cyberattack was occurring. When credit card purchases and other financial transactions across Israel couldn’t be completed last Thursday morning, Israel’s Shin Bet security service was quickly called in to investigate. Alas, the Times of Israel reported, it was just another software update-related problem.
The Times reported that there was a fault in the “daily update from SHVA—the automated banking service that provides communication and computer systems for many of the credit card and banking services in Israel—which set the dollar exchange rate to zero.” As a result, payment terminals that accepted foreign currency “were stumped” by the zero value, and crashed.
A Jerusalem Post story provided a bit more information, saying that the problem was traced to an error in “an overnight software update that blocked communications between Shva, the Automated Banking Services clearinghouse owned by the banks, and Retalix, which provides the payment terminals to the [store] chains.” The update error was corrected around noon local time, and things were back to normal by early afternoon.
New California Healthcare Worker Licensing System Causing Unacceptable Delays
Another new California state IT system goes live, and just as predictably, another foul-up quickly follows. This time, it was the Department of Consumer Affairs' $52 million catchily-titled BreEZe system. The online licensing and enforcement system, which was rolled out last October, is meant to streamline the operations and increase the efficiency of the 37 boards, bureaus and committees under the jurisdiction of the Department of Consumer Affairs. The improvements, it was hoped, would allow “online license applications and license renewals for registered nurses, physician assistants, doctors and respiratory care practitioners” to be a, well, breeze.
Unfortunately, the BreEZe system has been anything but for 10 of the 37 agencies currently using it. For one, the system doesn’t yet accept online applications because of a host of unresolved software issues. And the Department can’t say when BreEZe will be able to do so. Until it does, nurses, physician assistants, etc. must send in paper applications, which then have to be manually transcribed by Department of Consumer Affairs staffers and temporary workers added by the Department in order to cope with an ever-increasing pile of applications.
Newly minted nursing school graduates have apparently been hardest hit by the backlog. Many have received job offers from hospitals and other healthcare providers, but cannot practice without a license when licensure requires confirmation that the candidate has passed a state exam. The Department of Consumer Affairs schedules and administers the exams, and processes the results, but is falling further and further behind in scheduling the tests because of the problems with BreEZe. Other healthcare workers who are already licensed but need to renew their credentials are reportedly encountering snags, too. The total backlog of applications is now said to have reached over 4000.
The problems with BreZe are now reaching a point, the Modesto Bee reports, where “some hospitals aren’t able to fill gaps in staffing or meet nurse-to-patient ratios required by state law.” The shortages have grown so critical that some hospitals are paying other facilities to take their patients.
A spokesman for the Department of Consumer Affairs told the LA Times, in a classic government statement of the obvious, “Our BreEZe computer system is not doing everything it was designed to do yet.” Why the system was ever rolled out before being able to reliably perform one of its most basic functions is anyone’s guess.
An audit of this latest California IT disaster has been called for, but whether it ever happens remains to be seen.
Toyota Recalls 2 Million Buggy Vehicles
Finally another of the more newsworthy foul-ups was Toyota’s recall of 1.9 million Prius hybrids for a software flaw, which was discussed in a separate Risk Factor post last week.
Subsequent to that announcement, Toyota also announced a recall of another 295 000 vehicles involving both its Toyota and Lexus brand vehicles over an electrical component fault in their brake actuators. Reuters reports that the fault could increase the resistance in the fluid pressure in each wheel cylinder, which could cause the vehicles’ stability control, traction control and anti-lock brakes to become “inoperative.” The vehicles affected include 2012 and 2013 model year Lexus RX350 crossover vehicles, 2012 and 2013 Toyota Tacoma trucks, and 2012 Toyota RAV4 SUVs.
Fifth Third National Bank of Cincinnati Files Bankruptcy for Thousands of Customers
Software Update Error Crashes Israeli Credit Payment Terminals
California’s New Consumer Affairs BreEZe Licensing System Becalmed
In Other News…
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.