Summary
Mambu experienced an incident, where custom field data was lost when performing deposit transactions via API. The incident affected the API calls received between, Thursday Nov 29th 9:30am and Tuesday Dec 4th 6:45 pm UTC.
What Happened?
On Thursday, Nov 29th, 2018 at 9:30am UTC we released a patch with multiple improvements. Unfortunately, this build contained defects in the handling of custom fields for deposit transactions.
On Friday, Nov 30th it was noticed that deposit transactions API calls, with the custom fields that are marked required, were rejected. In the initial analysis , we suggested marking all custom fields as non-required, as a workaround to be able to execute Deposit Transactions, while the permanent fix was underway.
On Monday, Dec 3rd we have identified that all custom fields for deposit transactions posted via APIs were not saved. We started to work on the fix immediately well and by Dec 4th the fix was released to live environments..
On Monday, Dec 10th we have conducted the Root Causes analysis, that confirmed shortcomings in the release flow, due to which the defect was not captured. As the result, relevant automated tests were skipped, which would have normally caught this.
What Are We Doing About This?
In the effort to minimise the impact we have identified the transactions that might have been affected by the defect. A file containing a list of potentially impacted deposit transactions was provided to the affected tenants. We are working closely with each tenant to find best possible remediation to recover the possible lost Custom Field data.
The shortcoming in the release flow has been identified and fixed immediately, which will ensure a similar situation will not happen again and all the automated tests will be executed for each minor release. In addition to that, we are significantly improving Quality Assurance practices and controls, increasing automated tests coverage, as well as introducing Consumer-Driven Tests to capture customer-specific API usage scenarios and test all these scenarios before releasing the changes.
Furthermore, Mambu is also looking at improving the overall rollback process, which would allow us to immediately rollback a version that is causing problems. This would give us time to address the issue and re-deploy the release incident-free, without impacting the overall production flows and data while we are busy fixing the issue.
We assure you that, at Mambu, we take our commitment to deliver a high quality service very seriously and sincerely apologise if this has caused any inconvenience.