Apple reportedly paid a "multimillion-dollar" settlement to a female student after two iPhone repair technicians posted her explicit photos and a sex video to her Facebook page.
According to The Telegraph, the incident occurred in 2016, when the woman — then a 21-year-old student at the University of Oregon — sent her iPhone to Apple for repair. The phone was then given to a repair facility run by the Apple contractor Pegatron in Sacramento, California, and it was there that technicians accessed her personal files.
- iPhone 12 review
- Here's how to stop apps from tracking you in iOS 14.5 or later
- Plus: iPadOS 15 new features, release date, beta and compatibility
According to legal findings seen by The Telegraph, the two unnamed technicians found sensitive content and posted “10 photos of her in various stages of undress and a sex video” to her Facebook account, as if she had uploaded it herself. It was only removed after the woman's friends notified her.
Lawyers for the victim threatened to sue Apple, citing invasion of privacy and "severe emotional distress," and reportedly demanded $5 million in damages during negotiations. The eventual settlement term cannot be revealed and the woman is not allowed to speak about the incident.
Tom's Guide has been unable to independently verify the report or settlement terms.
The settlement only came to light because Pegatron was in a separate legal battle with its insurance company, which reportedly refused to compensate it for the amount it had paid to Apple to cover the payout. Apple was apparently referred to as "customer" during this separate lawsuit, to try to keep the case confidential. Apple was then named as the customer during a separate, unrelated lawsuit.
An Apple spokesman told The Telegraph, "We take the privacy and security of our customers' data extremely seriously and have a number of protocols in place to ensure data is protected throughout the repair process. When we learned of this egregious violation of our policies at one of our vendors in 2016, we took immediate action and have since continued to strengthen our vendor protocols."
Unsurprisingly, the two technicians were fired.
In the opinion of one iOS hacker, who goes by @s1guza on Twitter, customers should take certain steps before taking their phones into Apple. These steps include attempting to do a repair independently, look to buy another iPhone, or, if absolutely necessary, backing up and completely wiping your device before handing it over to Apple.
My advice if your phone needs repair:1. Try a 3rd party repair shop.2. Consider an iFixit kit and DIY repair.3. Scout for a used phone.4. If you HAVE to go to Apple, back up your phone & do a complete wipe.5. Buy a new phone.Never tell your passcode to an employee. EVER! https://t.co/lpYc3Zc5PHJune 7, 2021
Siguza also believes that if a user is unable to wipe their device for whatever reason, they should not take it to Apple, or any other repair technician, that asks for their passcode. Deleting content is not enough either, as a user's passcode or associated data could be used to get to their AppleID, which is linked to all of their Apple devices. Siguza argues that Apple doesn't really need a user's Apple ID to perform a repair, as it has the tools necessary to likely get the job done.
Tom's Guide doesn't necessarily endorse Siguza's recommendations, but likewise doesn't understand why technicians should need your Apple ID and password to repair your iPhone.
Apple has touted privacy as one of its major selling points. It's also why the company has lobbied against right to repair laws, as it believes only it can do an adequate job of ensuring user security.