Citigroup told its U.S. mobile banking customers they should upgrade to a new application designed for Apple’s iPhone after the bank’s original version was found to have a security flaw. “In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users’ iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.”
Citi said the problem was discovered in a routine security review. Citi notified customers of the problem in a letter dated July 20. Other Citi iPhone apps such as the app for credit card customers weren’t affected, said Citi in a statement.
The information may also have been saved to a user’s computer if they synced their iPhone with a PC. It wasn’t immediately clear whether the information was stored in an area that could have been accessed by a hacker, but Citi said it doesn’t believe the data was breached and said its new app corrects the problem.