When it comes to operating system security breaches, Apple is best known for silence. Until, that is, the company has worked out a fix and is ready to release it. However, that approach might not work vis-a-vis iTunes fraud, especially when one of the victims just happens to be a prominent state attorney general.
As bad luck goes, Martha Coakley has had more than her share — a skiing trip saw her debit card information stolen and the thieves emptied her account, says Threat Post. A separate incident resulted in her credit being drained, as well.
The twist is that Coakley is the Massachusetts Attorney General and, whereas she’s happy with Dell for informing her of an attempted fraudulent purchase using the debit card, the state AG is rather less pleased that Apple didn’t report successful fraudulent purchases on her credit card.
And, the double whammy is that Massachusetts has a law, 201 CMR 17, that mandates companies must report digital data breaches. Moreover, this law has lead to prosecutions.
Voluntary cooperation is mandatory
Coakley told Threat Report that companies acting in good faith to comply with Massachusetts’ data breach laws have little to fear. She added, however, those that flaunt or ignore the law should take heed.
So, Apple, when dealing with the Massachuesetts’ Attorney, you might want to be a little more forthcoming than you were with the DigiNotar SSL issue or MacDefender trojan problem. Taking weeks, months or, in the case of iTunes fraud, years to suss things out might not wash with the AG…
What’s your take?