They had this bug for more than a decade. They should have systems in place to look for these things.
People make mistakes, but these mistakes should be caught before they get into production. And the ones that still make it into production should be hunted.
Should we discuss about all the 15 years old bugs that are found in Windows, Linux and MacOS which are well into production (and many of them critical bugs that affect the core of the product)? Has a software company ever been fined or held liable for bugs in its products? In fact too often, bug fixes are paid updates.
Financial companies are held to extraordinary standards, and in my opinion it's a game they cannot win.
This is not a minor bug, this is a bug that caused data to be misrepresented. If you want to compare it to OS bugs, then you need to look at silent data corruption: how many data corruption bugs have gone undetected in operating systems for 15 years?
You mean a server OS leaking kernel memory to any external connection doing something special with TLS without leaving any audit trail that this happened is a minor bug?
this is unbelievably naive comment... do you work in IT? 15 year old bugs are nothing special, with known ones having workarounds implemented (often buggy), or just some completely new happening on broken data feed, unexpected values etc. the list is endless
People make mistakes, but these mistakes should be caught before they get into production. And the ones that still make it into production should be hunted.