The Cost of iCloud’s Celebrity Security Breach

Shortly before revealing the iPhone 6 to the world, Apple was once again in the headlines. But this time around, the revelations were anything but welcome, except perhaps to sexual voyeurs.

Related article: Apple Pay vs. Google Wallet: a Comparison of Mobile Payment Systems

Nude and sexually provocative photos of female celebrities including model Kate Upton and actresses Jennifer Lawrence and Kirsten Dunst were distributed over the Internet without their consent. The overexposure was attributed to a deliberate, targeted breach of the victims’ individual iCloud accounts rather than generalized security breaches like those that have plagued Target, eBay, and other merchants.

While Apple has made a point of emphasizing the distinction, Wired has speculated that lawsuits against Apple are likely to happen anyway, and that such lawsuits could benefit more than the plaintiffs. Even if none of the women whose accounts were violated brings legal actions, the potential implications against Apple and the entire Internet-based economy could be substantial.

Data breaches vs. information breaches

Security concept: Lock on digital screen

While the end result is generally the same, data breaches are different from information breaches. Data breaches result from the illegal breach of sensitive information concerning one or more individuals. Information breaches result from generalized computer hacking or computer theft, followed by unlawful access to information within the computers or networks (LawyersandSettlements).

The type of violation that occurred with the iCloud accounts of the targeted individuals is best classified as a data breach. Understandably, this distinction is often lost on the victims of security breaches, never mind the public.

The catch-22 of privacy agreements

Terms and Conditions Fake

Apple may find protection against lawsuits concerning the iCloud breach from its privacy policy, claiming that it provides adequate disclosure of potential risks to users. Furthermore, Apple may attempt to shift at least some of the liability for the breaches onto the victims, by attempting to determine whether they utilized sophisticated passwords or other strong security measures to protect themselves (Load the Game).

Finally, since the breach was accomplished through what is called a brute force attack, Apple may claim that its security system as not negligent, and the company should not be held liable. Apple may also claim that forcing more stringent security measures on its consumers would present an undue burden – and would scare away customers.

Should the FTC get involved?

FTC Building

Lawsuits for data breaches rarely see trial. Instead, they are either dismissed or settled, like the May 2007 class action lawsuit totaling a minimum of $2.5 million and a maximum of $6.5 million by TD Ameritrade, Inc. to plaintiffs whose email addresses were improperly exposed. Individual class members were entitled to receive between $50 and $2,500, depending on the extent of their losses (Bloomberg BNA).

In recent years, such settlements have become more common as breaches continue, but no long-term strategies have emerged to tackle the issue. The law continues to lag badly behind rapidly developing technological innovations.

According to Wired, it’s possible that the Federal Trade Commission could view the sort of brute force attack as a known risk, given that Twitter suffered a similar attack in 2009 and acted to reinforce its security measures in response. Wired has even gone so far as to suggest a lawsuit by one or more of the targets of the attack against iCloud could set a useful precedent.

While it’s unlikely that legal action would result in compensation to plaintiffs like Jennifer Lawrence, a court case could set precedent to protect future users, or inspire the FTC to impose regulations to shore up security.

Possible repercussions for Apple Pay

Apple Pay

One possible outcome is that Apple and other Internet based companies may be moved to act to protect their bottom line. Apple recently introduced Apple Pay, a mobile payment system designed to allow Apple to compete with systems such as Google Wallet and Softcard. With the introduction of Apple Pay, Apple was careful to state that its security system was not wedded to that of iCloud.

But consumers are already skeptical of mobile payment systems. In a recent survey administered by Thrive, 46% of respondents cited security concerns as a reason for not using mobile wallets. If consumers fail to accept Apple’s distinction between iCloud and Apple Pay, they could stay away in droves, causing the fledgling system to fail before it gets off the ground.

Not even celebrities are safe from security attacks

Jennifer Lawrence Security Breach

Although it is certainly not fair, present circumstances leave wary consumers with only one sure means of protecting themselvesrefraining from posting any questionable content online or by using a cloud-based system.

Women in particular are vulnerable to sexually-based internet attacks. The most recent incident demonstrates that even celebrities aren’t safe from such violations of privacy.

ContributorsAudrey Henderson


Need cash in a hurry but don’t know which personal loan company you can trust? SuperMoney is here to help you find the best options for all your loan needs.