Citibank iPhone App 'Accidentally Saved Personal Information'

Citibank said its U.S. iPhone app accidentally saved personal information, including account numbers.

The company publicly acknowledged the security flaw Monday, explaining that it had already released an updated iPhone app that patches the leak.

"During a recent review, we discovered that our U.S. Citi Mobile iPhone banking app was accidentally saving information related to customer accounts in a hidden file on their iPhones," said Citibank spokeswoman Natalie Riper. "This information may also have been saved on their computer if they had been synchronizing their iPhone with their computer via iTunes."

The company explained that the flaw affected only users of the mobile banking app; credit card customers access Citibank's services through a separate iPhone application, which the company believes was not compromised. Citibank stated that it had attempted to communicate with customers who have downloaded the app to advise them of the update, and stresses that the flaw was found and fixed before any customer data was compromised.

"We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone, i.e., there has been no data breach," said Riper.

Citi launched the iPhone app in March 2009 in conjunction with mobile financial services provider MFoundry, reported the Wall Street Journal. MFoundry, a private company based in Larkspur, Calif., didn't respond to a request for comment.

The bank said it performed security tests before and after the release of the application but failed to detect the problem. Citi said it is conducting an internal analysis to determine why it didn't find the vulnerability.

The glitch highlights the security challenges that are emerging as cellphones grow more sophisticated and consumers increasingly use them to organize their lives. John Hering, chief executive of mobile security provider Lookout, said his company is discovering more apps that could inadvertently expose or leak personal information, such as location information and phone numbers.

"Most consumers and app developers don't know what is happening in their apps, because it is moving so fast," Mr. Hering said. "Apps are proliferating so quickly. We will see more and more of this."

Read more at the Wall Street Journal.