A Citi Bike software glitch accidentally exposed sensitive personal and financial information -- including credit card numbers -- of more than 1,000 of its account holders, the bike sharing program's operators wrote in a letter last week to the affected customers.

The data breach occurred on April 15, according to a letter sent to a Citi Bike member reviewed by The Wall Street Journal. The letter was dated July 19.

The security breach was discovered and corrected "at the end of May" and affected 1,174 customers who signed up for $95 annual memberships to the program, said Seth Solomonow, a spokesman for the city Department of Transportation, which launched Citi Bike and controls all of the system's communications to the public.

He did not explain the delay between the identification of the security flaw and notification of affected users.

According to NYC Bike Share LLC, a local subsidiary of system operator Alta Bicycle Share, an "error log" containing personal data on Citi Bike account holders was "briefly accessible" on the system's website on April 15. The error was corrected as soon as it was discovered, NYC Bike Share President Michael Jones said in the letter.