Lawsuit Says Apple Store Receipts Raise Risk of Identity Theft
Apple receipts allegedly show the purchaser's full name, full home address, full phone number and full e-mail address.
Apple, known for zealously guarding information about its products, is being sued for revealing too much information about its customers.
A class action lawsuit against the company was filed yesterday in a Florida federal court alleging violations of the Fair Credit Reporting Act (FCRA) that put Apple customers at risk for identity theft.
Apple's offense: printing credit card expiration dates on Apple Store online receipts.
This violates a 2003 amendment to the FCRA which states: "No person that accepts credit cards or debit cards for the transaction of business shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the card holder at the point of sale or transaction."
In addition, the copies of Apple electronic receipts included as exhibits in the complaint show -- or would show were the information not redacted -- the purchaser's full name, full home address, full phone number and full e-mail address. The inclusion of this information, arguably, increases the risk of identity theft.
That's not to say any identity theft has actually occurred as a result of Apple's practices. "We're not alleging and we're not seeking any damages related to actual identity theft," said Matthew S. Sarelson, one of the plaintiffs' attorneys.
Rather, he said, the issue is the risk of identity theft and Apple's failure to comply with the law, even after a three-year grace period provided by Congress to allow merchants time to bring their business practices into compliance.
Most companies have complied with the law, said Sarelson, because the cost to comply is miniscule. The few that have not are being sued.
"Despite having had several years in which to bring itself into compliance with the law, and despite clear advance notice and communications regarding the need for compliance, [Apple] ignored the clear mandate of the United States Congress and the protections against identity theft and credit card fraud which the law addressed," the complaint states.
"Congress made clear that identity theft is a problem," said Sarelson. "It's a serious problem and it's a growing problem."
The expiration of the 2003 FCRA amendment's grace period on December 4, 2006, was effectively the "Get Set" signal in the litigation race. The "Go" was a Supreme Court ruling in June that said companies do not have to willfully violate the FCRA to be held liable for violations.
In July, Sarelson and the other attorneys suing Apple filed a series of lawsuits alleging violations of the FCRA against Burger King, Cobb Theaters, Intuit, and TGI Fridays. In California in January, several unrelated FCRA lawsuits were also filed by other attorneys, Sarelson said.
On Monday, Apple was sued in Texas for allegedly infringing upon a Michigan-based inventor's power adapter patents.
An Apple spokesperson said the company does not comment on pending lawsuits.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.