It’s mind boggling that they could have no isolated “hot spare” system. Unless there is actual active internal sabotage or some kind of massive hack attack going on, I’d say that a lot of people high-up in their IT department are going to have to leave, and, if they are lucky, go back to fixing PC’s.
The liability potential is pretty serious; I notice on their website that payments to others are affected and that they will “pay any penalties involved”. That won’t help if you wind up with a lot of black marks on your credit.
These ‘hot spare’ systems are great for hardware failures.
However, if it is a software bug, and you start up the ‘hot spare’ system, it is likely that the same bug will immediately occur on the backup system. I have seen this happen several times in large enterprise systems.