In early September, the Bank of Melbourne had its Twitter account hijacked by someone that used it to send phishing messages to its followers, many of whom were customers. The tweets sent from the Bank of Melbourne Twitter account contained malicious links.
The likely cause for the account compromise was a weak password used by a staffer with access to Twitter.
This event should serve as a lesson to banks with a social media presence. Just as banks maintain effective password policies to access internal systems, similar policies should be required for external systems. Employees should be made aware of the damage that can result from lax/poor controls over passwords. The lack of effective controls can result in reputational harm, regulatory criticism and legal action.