What I find slightly unnerving is that Apple didn't make this clearer.
If they know that credit card information was not affected, they should say that. E.g. "Sensitive personal information (such as credit card data) was encrypted and cannot be accessed, ..."
It's reasonable to suppose that 'sensitive' includes credit card information, but as it stands it's something we have to interpret.
I'd suggest we all check our credit/debit card statements more often over the coming days, just to be sure. =)
>What I find slightly unnerving is that Apple didn't make this clearer.
Apple is not a startup. They were ranked 6th in Fortune 500 for 2013. They are going to be rehearsed, political, and vague with their descriptions. Were you actually expecting them to release a postmortem on their blog with a link to the GitHub repo with the fix?
Sure, but I don't think it's a bad idea to raise the median level of expected standards. It seems reasonable to ask for clearer reports and some kind of a postmortem.
One of the hopes for the notion of startups searching / optimizing in these kinds of niche spaces (transparency, communication on a more personal / no-bullshit level, whatnot) might be that these kinds of optimizations will hopefully change what is to be expected from IT businesses in general (at least in terms of communication and so on.) One can at least hope..
If they say X wasn't leaked while it was, they will open themselves for litigation. A company of Apple's size cannot afford to make mistakes there. So, they have to put in weasel words such as "such as".
Also, this isn't a postmortem (yes, we may never see one, it is premature to comment on that _now_)
I do see your point. It just seemed odd to me that they didn't take that simple step to clarify what is arguably the most pressing question on everybody's mind: is my CC/bank data safe?
This is most likely just me being too paranoid and literal, of course. =) In general I'm not too disappointed with how they've handled this - it could've been far worse.
If they know that credit card information was not affected, they should say that. E.g. "Sensitive personal information (such as credit card data) was encrypted and cannot be accessed, ..."
It's reasonable to suppose that 'sensitive' includes credit card information, but as it stands it's something we have to interpret.
I'd suggest we all check our credit/debit card statements more often over the coming days, just to be sure. =)