Massachusetts Attorney General Martha Coakley announced Tuesday that her office will be investigating Apple Computers to determine if they are in compliance with her state’s data breach notification laws.
Coakley spoke at a business luncheon at the Massachusetts’ Advanced Cyber Security Center (ACSC), where she was reaching out to business leaders to assure them that compliance with the regulations would not be burdensome if they simply complied with the notification requirements.
Coakley herself was a victim of identity theft recently and her stolen credit card details were used to successfully make fraudulent iTunes purchases.
Has Apple’s luck run out in denying there might be an issue with iTunes security?
Perhaps Coakley should contact Apple’s friends at the San Francisco Police Department to help track down the thieves?
It will be interesting to see the results of the investigation, but I think Coakley is barking up the wrong tree.
While there are many creative criminals trying to leverage iTunes to launder their money and steal content, none have been the result of a data breach at Apple (to my knowledge).
Does Apple have some responsibility in all of this? Sure. They have not put in technical measures to better secure iTunes accounts or purchases made from iOS devices.
Many users choose poor passwords for iTunes and the App Store because they must enter this password from their mobile device. Entering a complex 20 character passphrase with punctuation isn’t something most of us choose to do from our phones.
The other common problem is password re-use. Many friends of mine have had their iTunes accounts compromised after other major data loss events at other organizations.
Attackers will frequently use purloined emails and passwords to attempt authentication at Facebook, Twitter, Gmail and iTunes. If you aren’t using unique passwords for sensitive accounts you may have your account used for a scam as well.
While it might be a pain to have a secure password for your iTunes purchases, it’s your credit card and reputation that’s at risk. Choose a passphrase wisely.
If the Attorney General’s office finds Apple in breach of the Massachusetts law it could have far reaching implications for businesses with customers in the state. Follow Naked Security for further developments to this story.