2. Brute Force The website could be brute forced, and all the members login details and bank accounts could be leaked.Most sites generally have protection against this, by restricting the amount of logins within a period of time on a IP address.
3. PHP There are ways of exploiting PHP websites, which a hacker could gain access to the login details and leak information.
5. Weak Password If the password is weak, the password could possibly be guessed by someone who may know some of the members of staff who work there.
6. Server There could be a theft and the server could be stolen. The theif could access the data and have access to thousands of bank details. To reduce the risk, the servers should be in a secure building, with a locked door to the server room.