The Wall Street Journal reports a Citi Bike glitch exposed credit card details of more than 1,000 users. The leak happened three months ago, but New York’s Department of Transportation, which runs the bike-share scheme, did not inform the customers who had been affected until last week. A letter it sent to those involved was dated July 19.
The exposed data, which may have included names, contact details, credit card numbers, and information relating to security–codes, birth dates, security questions–was “briefly accessible” on the system’s website on April 15. The breach was noticed and the flaw fixed “at the end of May,” according to the letter, which means the data was accessible for up to six weeks.