Citi Bike Had a Little Accident With Users’ Data

Julie Iovine returns a Citi Bike to a docking station in Union square on May 29, 2013 in New York City. Citi Bike, the long awaited bike sharing program that launched over the Memorial Day weekend in New York, provides 6,000 bikes which are available for short-term rental at 330 stations in Manhattan below 59th Street and parts of Brooklyn. Until June 2nd only members of the Citi Bike program can use the bikes. The bikes will rent daily for $9.95 (plus tax ) or weekly for $25 and will be limited to trips of 30 minutes each. More than 16,000 people have signed up to be members so far.
Photo: Spencer Platt/Getty Images2013 Getty Images

Citi Bike riders have accidents on occasion, but usually they just affect one or two people. This time, the system itself had a little accident, exposing names, contact information, passwords, and credit card numbers of 1,174 users who signed up early for yearly accounts. The troubling thing isn’t necessarily the fact that the information was exposed — Citi Bike says it corrected the breach, and “there is no evidence that any personal information was maliciously accessed or misused” — but rather the delay between the breach in April, and when Citi Bike told customers about it last week. A spokesman “didn’t explain the delay between the identification of the security flaw and notification of affected users,” Ted Mann wrote in The Wall Street Journal. They’re going to have to work on that transparency if they don’t want people going around equating them with totalitarianism.