Currencycloud incident

Virtual account creation service degraded

Minor Resolved View vendor source →

Currencycloud experienced a minor incident on April 28, 2026 affecting Other, lasting 9h 43m. The incident has been resolved; the full update timeline is below.

Started
Apr 28, 2026, 07:32 AM UTC
Resolved
Apr 28, 2026, 05:15 PM UTC
Duration
9h 43m
Detected by Pingoru
Apr 28, 2026, 07:32 AM UTC

Affected components

Other

Update timeline

  1. investigating Apr 28, 2026, 07:32 AM UTC

    We are currently investigating an issue affecting the functionality to create CAD virtual accounts.

  2. investigating Apr 28, 2026, 10:13 AM UTC

    We are working with our Banking Partner to resolve this issue and will update once the issue has been resolved.

  3. resolved Apr 28, 2026, 05:15 PM UTC

    Issue has been mitigated and all vans have been created.

  4. postmortem May 07, 2026, 08:28 AM UTC

    # Overview On 27 April 2026, we identified an issue affecting the creation of virtual accounts \(VANs\) via one of our external network partners in the production environment. During this period, requests to create new virtual accounts were not completing successfully due to an authentication failure when communicating with the network partner. Service was fully restored once the underlying cause was addressed and normal processing resumed. # Client Impact Clients attempting to create Canadian Dollar virtual accounts backed by our network partners experienced delays, as new virtual accounts could not be created during the incident window. Existing virtual accounts and previously created account details were not impacted, and there was no loss of data or funds. Once the issue was resolved, the system automatically processed the accumulated backlog, and all pending virtual account creation requests were successfully completed. Clients were not required to take any action. # Root Cause The root cause of the incident was an expired authentication token used by our virtual accounts service when making API requests to our network partners. As a result, the network partners rejected virtual account creation requests with authorization errors, preventing new virtual accounts from being generated. The token expiry was not detected in advance due to insufficient monitoring and alerting around external credential lifecycles. Once the new token was issued, it was securely updated in our systems and the affected services were restarted, restoring successful communication. Additional monitoring and alerting have since been implemented to track token expiry and prevent recurrence of this issue.