Citibank customers may have exposed info through iPhone app

Citigroup issued a warning today noting that there were some security loopholes in its mobile banking iPhone app, and also released an update that patches the hole.

Citi said that the app saved personal information about users, such as security codes, account imformation, and transaction details, to a remote file on the iPhone’s internal memory. That data could then have been accessed by any third party that had access to the phone.

That data was also transferred to the user’s PC every time the iPhone was synced up. However, even though personal information was flowing through areas other than the app and Citi’s servers, “We have no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone,” said the financial group in a statement.

Citi noticed the glitch itself and notified its customers immediately about a week ago. It was discovered in a “routine” security check but somehow managed to slip through the cracks during the development and testing phases of the app.

The Citi mobile banking app is currently the 11th most popular download on the App Store.