Bike hire data leak treated with 'utmost urgency'

A bicycle rental company that accidentally made customer data available on its mobile app has said it is treating the matter "with the utmost urgency".

A user of OxBykes, which operates its own fleet of bicycles for rental and sale in Oxford, Cambridge and London, said they had accidently been granted administrative level access to its database on 13 May.

Screenshots shown to the BBC by the customer - who asked to remain anonymous - display confidential data including names, contact details and order history.

OxBykes said the security flaw had been resolved and that potentially affected customers would be contacted.

OxBykes has 25 depots across Oxford, 14 in Cambridge and three in London.

It makes bicycles available for collection instantly after purchase.

The user said they had come across the glitch while trying to contact the support team after struggling to find a bike they had rented.

They said the data was found via a button on the mobile app and "was accessible throughout the past week".

The customer added that they received a personal WhatsApp message from OxBykes founder Louis Wright on Sunday, explaining the error and requesting that they did not release any confidential information.

OxBykes CEO Tom Widgery replied to BBC's request for comment on Wednesday.

He said the company was "made aware today that a very limited selection of customer data from a small number of customers may have been accessed as a result of a previously resolved vulnerability".

"We are treating this matter with the utmost urgency and are currently speaking to our lawyers to understand the full implications of the situation," he said.

"We have already taken steps to patch the security flaw and are working to understand the extent of any data exposure.

"We are also reporting the incident to the Information Commissioner's Office and are preparing to contact any potentially affected customers directly."

You can follow BBC Oxfordshire on Facebook, X (Twitter), or Instagram.