AT&T is refusing to say how many iPad 3G customers had their private information compromised in a security breach last month. So much for the company’s promise to “shed some more light” on the situation.
After security research group Goatse Security obtained network identification numbers and email addresses for at least 114,000 iPad customers, our colleagues at Gizmodo asked AT&T chief security officer Ed Amoroso just how many accounts were affected in total. After all, while Goatse Security provided Gawker with information on 114,000 customers, the group also shared its script with third parties prior to contacting AT&T, as we reported at the time, meaning every iPad 3G user may have been exposed. Amoroso told Gizmodo that AT&T was “doing the forensics as we speak” and until they were done, there’s “no way of validating the number of addresses.” Amoroso promised to “shed some more light” on the situation once AT&T’s investigation was complete.
Apparently he just meant the letter AT&T sent to customers, apologizing and blaming Goatse for “maliciously” exposing its security issues. AT&T is refusing to release an actual count of affected users, as Amoroso implied it would. A statement sent to us from the company reads, “”We’re not disclosing totals or confirming the number that ran in media reports.”
That is, of course, the company’s right. But it’s going to do little to assuage customers worried about AT&T’s attitude toward security and willingness to acknowledge its security problems, especially in the wake of the company’s decision to lay off a reported 200 peoplein its top security office just weeks before the iPad’s debut.
Just today, the New York Times notes that while other companies like Google and Mozilla actually pay security researchers to find holes in their systems, AT&T seems to “just wish the hackers would simply go away.” And that people would stop talking about them, apparently.
[Photo via Getty Images]
Send an email to Ryan Tate, the author of this post, at firstname.lastname@example.org.