The Wall Street Journal reports:
A Citi Bike software glitch accidentally exposed sensitive personal and financial information—including credit card numbers—of more than 1,000 of its account holders, the bike sharing program’s operators wrote in a letter last week to the affected customers.
The data breach occurred on April 15, according to a letter sent to a Citi Bike member obtained by The Wall Street Journal. The letter was dated July 19.
Read more on WSJ. The Gothamist also covers the breach, with the reactions of a recipient of the notification letter who found it puzzling and suspicious.