Citi Bike riders have accidents on occasion, but usually they just affect one or two people. This time, the system itself had a little accident, exposing names, contact information, passwords, and credit card numbers of 1,174 users who signed up early for yearly accounts. The troubling thing isn’t necessarily the fact that the information was exposed — Citi Bike says it corrected the breach, and “there is no evidence that any personal information was maliciously accessed or misused” — but rather the delay between the breach in April, and when Citi Bike told customers about it last week. A spokesman “didn’t explain the delay between the identification of the security flaw and notification of affected users,” Ted Mann wrote in The Wall Street Journal. They’re going to have to work on that transparency if they don’t want people going around equating them with totalitarianism.
