Today is a 2-for-1 blog entry. First, more news from Sony on a massive breach of private customer data. Then an update on the Apple iPhone location data story.
The L.A. Times reported this past Sunday that the late–April hack of a PlayStation users database at Sony’s San Diego operations center put 10 million credit card account holders at risk. Sony said that the credit card information was encrypted, but that names, addresses, email addresses and birth dates were not. The exposed information could be enough to put many of those people at very serious risk, even if the credit card numbers themselves have not been exposed. The New York Times reported that a subcommittee of the U.S. House of Representatives sent a letter to Sony asking for more information about the attack, when the intrusion occurred and whether Sony knew who was responsible.
Breaches of customer information seem to be becoming increasingly common, over time putting so many of us at risk of identity theft.
The other topic today is Apple’s use of location data associated with iPhone. I blogged about this back on April 22nd. Since then, on April 27th, Apple provided a Q&A article on the topic. Apple talks about using selective cache data to assist where location via GPS alone would be slow or impossible. This is consistent with what F-Secure said at the time.
Some of the things Apple says in that Q&A are a little less clear to me. Such as “the cache is protected but not encrypted” and when speaking about WiFi access points and cell towers around your iPhone, Apple says that some “may be located more than one hundred miles away from your iPhone.” Okay, how is the cache protected? And what good is information on a cell tower 100 miles away when trying to fix location? What seems a little more encouraging is that Apple says that they will issue a software update within a few weeks that will treat this location cache more carefully and delete it when Location Services is turned off.
My question for readers of this blog is this: Does a company’s track record for how they treat your personal data influence your choices? If you don’t like how your personal data is handled by Apple or Sony (or Google), are you willing to move away from their products? Could you live without iPhones and iPads? Without Playstation or Gmail?
I really want to hear your answers. What exactly do we think should motivate large companies to be careful with data about us, if not the threat of loss of business?
Please post your thoughts!