Like I always say, all (non-trivial) software have bugs. It’s a matter of when and if they are discovered. If you’re lucky, the bugs may only result in financial loss. In more serious cases, safety and security can be compromised.
When the system was introduced in the mid-1990s, the program code filtered out any transactions that were given three-digit branch codes from 089 to 100 and used those prefixes for testing purposes.
But in 1998, the company started using alphanumeric branch codes as it expanded its business. Among them were the codes 10B, 10C and so on, which the system treated as being within the excluded range, and so their transactions were removed from any reports sent to the SEC.
Source: Programming bug costs Citigroup $7m after legit transactions mistaken for test data for 15 years
