All kinds of PINs be it, TPINS (used to mobile/telecom based transactions) or FPIN (usually used over E-Banking) are generated by HSMs.
HSMs generates a PINs by applying cryptographic operations (details of this depends over the manufacturer and type of HSM) over the information provided to them such as PAN, Account numbers etc. In short a PIN is a Zipped format of all the above information enclosed in 4 digits.
To have unique
PINs it is necessary to at least have one unique entity in the set of information provided to HSM for this purpose for e.g. like Customers national Id number.
But if the PIN is being repeated it means your banks doesn't have a unique entity in the set they are using information like PAN, account numbers etc. which are same for both of you in this case hence same PIN.
However, this could be called a configuration mistake but again can't be a security flaw, because you always have to change you initial PIN before you can start using that card anyways.