Citi plugs privacy hole in iPhone banking app

The Citi Mobile iPhone app was inadvertently saving account data in a hidden file on iPhones and computers that were synced, bank says.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

Citibank has fixed a flaw in its iPhone app that was inadvertently storing customer account data on the mobile devices, the company said on Monday.

"During a recent review, we discovered that our U.S. Citi Mobile iPhone banking app was accidentally saving information related to customer accounts in a hidden file on their iPhones," the company said in a statement. "This information may also have been saved on their computer if they had been synchronizing their iPhone with their computer via iTunes."

Citi has released an update to its iPhone app that corrects the problem and deletes any Citi mobile information that may have been stored on the mobile device or the customer's computer.

Other Citi apps and services are not affected and Citi said it had no reason to believe that any customer data was compromised.

The new app was released a week ago and last Tuesday 118,000 letters were mailed to customers using the app, according to a source familiar with the matter.