Establishing Digital Trust: Don't Sacrifice Security for Convenience
The breach, which apparently occured on April 15, wasn't discovered until the end of May. The names, contact information, credit card numbers and security codes, passwords, birthdates and security questions of 1,174 people who had signed up for $95 annual memberships were exposed.
According to the notification letter, which was partially reprinted by Gothamist, the data was posted online when an error log containing customer information was "briefly accessible."
"While there is no evidence that any personal information was maliciously accessed or misused, NYC Bike Share engaged a security firm to investigate and recommend appropriate steps to make notifications and safeguard its customers, including to provide identity and credit monitoring free of charge," New York City Department of Transportation spokesman Seth Solomonow told the Wall Street Journal.