Apple, consider this a wake up call
When it comes to operating system security breaches, Apple is best known for silence. Until, that is, the company has worked out a fix and is ready to release it. However, that approach might not work vis-a-vis iTunes fraud, especially when one of the victims just happens to be a prominent state attorney general.
As bad luck goes, Martha Coakley has had more than her share — a skiing trip saw her debit card information stolen and the thieves emptied her account, says Threat Post. A separate incident resulted in her credit being drained, as well.
The twist is that Coakley is the Massachusetts Attorney General and, whereas she’s happy with Dell for informing her of an attempted fraudulent purchase using the debit card, the state AG is rather less pleased that Apple didn’t report successful fraudulent purchases on her credit card.
And, the double whammy is that Massachusetts has a law, 201 CMR 17, that mandates companies must report digital data breaches. Moreover, this law has lead to prosecutions.
Voluntary cooperation is mandatory
Coakley told Threat Report that companies acting in good faith to comply with Massachusetts’ data breach laws have little to fear. She added, however, those that flaunt or ignore the law should take heed.
So, Apple, when dealing with the Massachuesetts’ Attorney, you might want to be a little more forthcoming than you were with the DigiNotar SSL issue or MacDefender trojan problem. Taking weeks, months or, in the case of iTunes fraud, years to suss things out might not wash with the AG…
What’s your take?
September 22nd, 2011
While companies do need to pay close attention to identity theft laws, here’s the kicker to me. Was Apple informed in any way that the purchases were fraudulent, prior to the fraudulent purchases being made? How is a company to know when fraudulent purchases are being made if the fraud is perpetrated prior to the reporting of the fraud? What is a company’s responsibility once the fraud has been reported?
While Martha Coakley did indeed have some financial bad luck, she is in a much better place than the average person to do something about it, but to claim that Apple is somehow supposed to report fraudulent charges first begs the question, did Apple know they were fraudulent prior to the purchase being made, and how did Apple respond once the fraud was reported?