A glitch in Citi Bike's system inadvertently exposed the personal information — including credit card numbers — of more than 1,000 users in mid-April, and the Department of Transportation has no explanation for why customers weren't notified until July 18.

The Wall Street Journal reports that an error log with the personal information of 1,174 Citi Bike customers who signed up for $95 monthly yearly accounts was "briefly visible" on the Citi Bike website on April 15. The security breach wasn't corrected until the end of May, according to a letter sent to Citi Bike customers.

The system also knocked out for about an hour last week, preventing customers from taking out bikes.

[WSJ, image via AP]