Kiwibank customers are still facing internet banking and app issues five days after a distributed denial of service (DDoS) attack first took out its website.
The New Zealand state-owned bank had issues last week during the cyberattack, along with ANZ Bank, Metservice and NZ Post.
And while ANZ customers had ongoing issues until the weekend, it had appeared Kiwibank’s problems had been resolved. But that wasn’t the case.
A social media update from the company this morning said it was “expecting Internet Banking and our App to be intermittent today”.
“Some customers may be able to access our services and some may have issues from time to time. We’re continuing to work on this as our priority.”
That followed users on Reddit sharing stories on how access over the weekend had been problematic.
On its Facebook page today Kiwibank acknowledged the challenges and frustrations customers have faced.
“We really do appreciate the patience and support you have shown while we work around the clock to get our services back up and running.
It also asked customers to keep the likely access problems in mind and plan ahead with regards to any payments or transfers needing made. However it has pledged to reimburse any customer who has been charged extra due to the cyberattack.
“We will reverse any fees our customers have incurred due to the outages which include phone banking and dishonour fees. Any fees that may have been charged will be refunded.”
While some customers understand the nature of the attack means the issues can be outwith the bank’s control, others are less sympathetic.
“C’mon on Kiwibank. I have urgent business banking to do, and every time I log in it boots me out again. The ongoing disruptions are unacceptable,” one wrote.
Another described it as “infuriating”.
“You make SO much money from your customers – the least we expect is to be able to access our own money.”
DDoS cyberattacks aim to restrict and impair access to computer systems, says CERT NZ, the Government’s cybersecurity agency.
“They typically target servers to make websites and payment services unavailable – preventing legitimate users from accessing the online information or services they need,” the CERT website says.
It does so by flooding a website with fake requests in order to overload the system. With websites and networks only able to process a certain amount of requests at any one time this causes issues for those trying to access the site.
Last week’s DDoS attack happened just a few days after large parts of New Zealand’s internet were down due to a similar attack on a Vocus customer.