Citigroup Inc. told its U.S. mobile banking customers they should upgrade to a new application designed for Apple Inc.'s iPhone after the bank's original version was found to have a security flaw.
In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved personal account information in a hidden file on users' iPhones. Information that may have been stored includes their account numbers, bill payments and security access codes.
The information may also have been saved to a user's computer if they synced their iPhone with a PC.
It wasn't immediately clear whether the information was stored in an area that could have been accessed by a hacker, but Citi said it doesn't believe the data was breached and said its new app corrects the problem.
"We have no reason to believe that our customers' personal information has been accessed or used inappropriately by anyone," Citi said. An Apple spokeswoman didn't immediately reply to a request for comment.
Security experts worry about "leakage" when confidential data gets logged by wireless apps. Citi said its new application, released July 19, deletes any information that may have been saved to a user's iPhone or computer.
Citi said the problem was discovered in a routine security review. Citi notified customers of the problem in a letter dated July 20. Other Citi iPhone apps, such as the app for credit card customers, weren't affected, Citi said in a statement.
Citi launched the iPhone app in March 2009 in conjunction with mobile financial services provider mFoundry. MFoundry, a private company based in Larkspur, Calif., didn't respond to a request for comment.