BOSTON/NEW YORK (Reuters) - Citigroup Inc’s (C.N) mobile banking software for Apple Inc’s (AAPL.O) iPhone improperly stored some users’ sensitive data in hidden files on the popular devices, but the bank said it has fixed the glitch.
Citi spokeswoman Natalie Riper said on Monday its U.S. Citi Mobile iPhone banking program may have also saved account information on personal computers that customers hooked up to their phones.
On Monday, the U.S. lender told customers to install an upgraded version of the app, which deletes any information that may have been inappropriately saved to the iPhones or PCs. The upgrade is available from Apple’s App Store or iTune store.
“We have no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone,” Riper said in a statement. “There has been no data breach.”
Applications that handle sensitive data should not be designed to save information to public logs on smart phones, where the data could potentially be accessed using malicious software programs installed by hackers, said John Hering, chief executive of smartphone security firm Lookout.
But he added that Citi had acted quickly enough to remedy the situation before hackers developed malicious software to attack its customers.
Representatives for Apple were not available for comment. The glitch was first reported by the Wall Street Journal on Monday.
Citigroup shares rose 2.5 percent to $4.12 late Monday afternoon.
Reporting by Jim Finkle and Maria Aspan; Additional reporting by Edwin Chan in Los Angeles; Editing by Richard Chang