Citi Bike Exposes Customer Credit Card Information by Mistake

What's This?

By Lorenzo Franceschi-Bicchierai2013-07-23 21:54:44 UTC

A glitch in New York bike sharing company Citi Bike's software exposed the financial and personal information of more than 1,000 customers.

The accidental breach, which also leaked credit card numbers, was reported by Citi Bike officials to the customers in a letter last week.

See also: Just How Convenient Are Citi Bikes?

"The sensitive information that may have been exposed to unauthorized access includes your name, contact information, and information related to your credit card identified above including your credit card number, expiration date and security code," read the letter (embedded at the bottom), provided to Mashable by Michael Schonfeld, one of the customers affected.

The breach was caused by an "error log" that was "briefly accessible" on Citi Bike's website on April 15, and corrected "as soon as it was discovered," according to the letter. The log contained the personal information on 1,174 customers who had signed up for the annual membership, according to the Wall Street Journal .

Apart from credit card information, the log exposed personal information like "date of birth, contact information, and information used to access [Citi Bike's] website, including username, password, and security question and answer."

As the letter notes, there is no evidence that anybody accessed the data, and NYC Bike Share President Michael Jones wrote in the letter that the information "would have been accessible no longer than 24 hours."

Citi Bike Data Breach Letter

Image: Spencer Platt/Getty Images

Topics: