According to the Wall Street Journal, the app saved information - including account numbers, bill payments and security access codes - in a hidden file on customers' handsets. The data may also be on computers synched to the iPhones.

The flaw with the system affects around 117,000 customers who have downloaded the app since it was launched last March, says the WSJ although it is not thought any personal data has been exposed.

The bank has now sent out letters to customers urging them to install an upgraded version of the application, which does not store their information and deletes any data already on the phone.

Citi Discloses Security Flaw in Its iPhone App - WSJ