Metro Bank UK stole software and linked it to their online banking system.
From the article:
source code for the machines may have been shared by Metro with other parties in a way that left customer accounts “susceptible to compromise”, suggesting that cash could be accessed by potential hackers and bad actors.
Sorry, but if a bad actor can break into bank accounts just by having the source code to a coin-counting machine, the bank in question just has horrific security practices.
This may just be mudslinging or being purposely vague in this disclosure. The whistleblower doing disclosure only appears to state that cash can be deposited directly while also claiming a theft, similar to one Arkeyo alleges in legal claims going back almost a decade across jurisdictions, allows for comprise when taken together. An example attack from this may be that the coin-counter after entering your account number and depositing coins, seeing the total account balance after is the “compromise” being disclosed (i.e. very small). Source
Fucking around and finding out: