Citi iPhone App Stored User Data, Software Fixed

Citigroup Inc's mobile banking software for Apple Inc's iPhone improperly stored some users' sensitive data in hidden files on the popular devices, but the bank said it has fixed the glitch. Citi spokeswoman Natalie Riper said on Monday its U.S. Citi Mobile iPhone banking program may have also saved account information on personal computers that customers hooked up to their phones.

On Monday, the U.S. lender told customers to install an upgraded version of the app, which deletes any information that may have been inappropriately saved to the iPhones or PCs. The upgrade is available from Apple's App Store or iTune store. "We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone," Riper said in a statement. "There has been no data breach." Applications that handle sensitive data should not be designed to save information to public logs on smart phones, where the data could potentially be accessed using malicious software programs installed by hackers, said John Hering, chief executive of smartphone security firm Lookout. But he added that Citi had acted quickly enough to remedy the situation before hackers developed malicious software to attack its customers.

Representatives for Apple were not available for comment.

Published Date: Jul 27, 2010 01:43 pm | Updated Date: Jul 27, 2010 01:43 pm