NYC's new Citi Bike program exposes card info of riders

Share this article:

New York City's two-month-old bike-sharing program, Citi Bike, sustained a data breach that exposed the personal and financial information of people who signed up for annual membership.

How many victims? 1,174.

What type of personal information? Names, credit card numbers and security codes, online account passwords, birth dates, contact information and security questions used to authenticate users of the Citi Bike website.

What happened? On April 15, before the program officially launched, the data of individuals who signed up for annual Citi Bike memberships was briefly accessible via the program's website due to a software glitch. The breach occurred because data stored on an “error log” file was exposed.

Citi Bike launched on May 27.

What was the response? NYC Bike Share, the operator of the Citi Bike program, hired a security firm to investigate. Last Friday, NYC Bike Share sent notification letters to affected individuals and plans to offer them  free credit and identity theft monitoring services.

Quote: “Notifications such as these are standard legal disclosures in any case where there is even the potential for information to have been improperly accessed,” Seth Solomonow, a spokesman for New York City's Department of Transportation, said. “While there is no evidence that any personal information was maliciously accessed or misused, NYC Bike Share engaged a security firm to investigate and recommend appropriate steps to make notifications and safeguard its customers, including to provide identity and credit monitoring free of charge.”

Source: The Wall Street Journal blog, blogs.wsj.com, “Citi Bike Accidentally Exposes Customer Credit Card Information,” July 23, 2013.

Share this article:
close

Next Article in The Data Breach Blog

Sign up to our newsletters

POLL

More in The Data Breach Blog

Fate of unencrypted drive unknown, PHI of 5,500 in Virginia at risk

A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.

Iowa State server breach exposes SSNs of nearly 30,000

The breach impacts Iowa State students where were enrolled at the university between 1995 and 2012.

Three laptops stolen from New York podiatry office, 6,475 at risk

Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.