Several Employees Fired After Data Mix-Up

April 20, 2010

Several employees of the Legacy Village (Ohio) Apple store were fired today—both in person and by telephone—after personal information from a repaired computer was mistakenly transferred to another customer’s Macintosh during a data restore operation. According to several sources, the stores have a standard procedure and method of backing up and restoring hard drive data from customer computers brought in for service. The procedure ensures that data from one back-up is completely deleted after the restore to maintain privacy of all customer information. In this case, an employee backed up a customer’s computer to an external hard drive last month and performed the necessary service. However, a previous customer back-up had not been deleted from that hard drive. When the employee restored the data to the repaired computer, it included the back-up from the previous repair customer, including financial data, photos and videos. After the customer picked up the computer, he/she discovered another person’s personal information on the laptop. The customer contacted the Apple store, and an investigation was begun to determine how the privacy breach occurred. According to sources, the store’s video surveillance tapes revealed that 10 employees had not followed Apple’s procedure for making backups and performing restores on customer computers. Today, those employees were fired for violating the company’s customer data security policy. Sources say there remains a question if those who were fired had been properly trained on Apple’s standard backup/restore procedures. The two involved customers were compensated for the employees’ mistake: they were given Apple gift cards, new Mac computers and a subscription to the LifeLock identify theft protection plan.

Share this news!
  • Twitter
  • Facebook
  • Digg
  • StumbleUpon
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
E-mail this story E-mail this story

{ 24 comments… read them below or add one }

NotTellinYou April 21, 2010 at 0759

Didn’t happen. No way Apple gave someone “LifeLock” the BS service that’s been fined by the FTC for deceptive practices etc.

Reply

John Koetsier April 21, 2010 at 0820

Ouch – fired. Yikes … that’s pretty severe.

Reply

Jocca April 21, 2010 at 1048

I think Apple takes the privacy of its customers at heart and I can understand why they are dealing so harshly with employees who are lackadaisical about safeguarding personal data, in spite of all the trainings they have received. This kind of mistakes if not addressed head on, can cause a ton of damage to the company business model.

Reply

Mike April 21, 2010 at 1608

I work at that location, it most definitely did occur and all the details seem to match what happened, but it was 6 employees fired. Lifelock was purchased for 3 years for both customers.

Reply

Gary April 21, 2010 at 1657

Management approved the use of these!

Reply

BobOnnit April 21, 2010 at 1734

Considering Apple has no formal procedure for securing personal data this shouldn’t be surprising. Technicians routinely access personal information during the course of repair, and as far as data transfers go, there is no policy available on how this should be done. Are the DMGs encrypted? What is the data retention policy? What prevents a technician from copying personal data via a USB drive, etc? What specific technical and procedural safeguards are in place to prevent the disclosure of personal information? The answer to these questions speaks for itself.

Reply

George April 24, 2010 at 1329

That is not my experience. I have suggested methods to diagnose problems at the genius bar and they have declined those methods because they would violate Apple’s privacy guidelines. Even after I suggested I was OK with it, they would continue to decline. It very much seems a company policy.

Reply

SomeFRS May 15, 2010 at 2237

This is absolutely not true. Apple has strict policies for Migrating and Transferring Customer data. A similar event nearly happened at the ARS location I work at. Luckily, it was caught by employees before the customers got their computers back. Apple has a clear guide on how to complete Mac to Mac and PC to Mac data migrations, and it clearly states failure to follow data security policy will result in termination.

Reply

Mark Daniels May 24, 2010 at 2125

Actually Apple does have a very specific policy on customer data. The data is stored on a server in the repair room. This server is not connected to any networks at all, and it is setup with very strict security measures. Granted the Mac Genii that work in the genius room have access to the said data, they typically take their jobs very seriously and don’t get the data mixed between machines. Once a customer picks up the machine from repair, that data is removed off of that server. This IS policy, if someone didn’t delete the information like they are supposed to, then that was an unfortunate mistake. Apple does not hold customer information at all once that machine is out of the store, unless directed by management. Techs typically don’t get involved in customer data, they secure it for repair purposes.

Reply

PureGenius April 21, 2010 at 2130

I worked at an Apple Store a long time ago as a genius and I am disconcerted by the posts that I see here.

First, no current Apple employee should be commenting on a website about anything Apple-related. Period. Apple takes it very seriously. I’ve seen employees terminated for violating that.

Second, the policies regarding customer data and privacy are crystal clear and are not anything that should be shirked, ‘interpreted’ or ignored. Hence the firings. I find it very difficult to believe that management approved the use of these external hard drives and actually read or understood the policy. Either way, it was ignorance or a break in policy.

@Gary: How do you know management approved it? Do you also work there?

Since my NDA expired, I’ll share some information. Mind you, these are old policies but I doubt they have changed much.
• DMGs were not encrypted. Systems were backed up by Disk Utility.
• Customer disk images are stored on a standalone server. It is not even connected to a network.
• Immediately after pickup, the data was removed from the server.
• Technicians were forbidden from carrying USB drives in store

There’s not really anything that prevents a technician from doing bad things except their own desire to do the right thing for a customer. Obviously, something at this location was lost along the way. Very unfortunate.

Reply

oakie December 13, 2010 at 1301

(to begin, i’m aware of the article and comment dates. i’m simply replying because i’m sure the commenter is the type of person who made sure to check the box next to: “E-mail me when new comments are posted to this news item.” his overserved sense of self-importance compelled him to do so.)

@PureGenius
“I worked at an Apple Store a long time ago as a genius and I am disconcerted by the posts that I see here.”

- your comment should have ended here. in fact, to save wear and tear on the computer you can probably barely afford, you probably should have just read the article then moved on. but of course your overindulged sense of self-importance required you to have to “set the record straight,” and that’s understandable for someone like yourself.

“First, no current Apple employee should be commenting on a website about anything Apple-related. Period. Apple takes it very seriously. I’ve seen employees terminated for violating that.”

- you left out “Retail” after every time you typed, “Apple.” you said it yourself that you were once employed as an Apple Genius, therefore you were level one customer support for Apple RETAIL. you dont work for Apple corporate and the only secrets you have pertaining to Apple is retail pricing, wholesale cost, and the password for your guest account to access a terminal at work.

“Second, the policies regarding customer data and privacy are crystal clear and are not anything that should be shirked, ‘interpreted’ or ignored. Hence the firings. I find it very difficult to believe that management approved the use of these external hard drives and actually read or understood the policy. Either way, it was ignorance or a break in policy.”

- you were a “Genius,” not management. therefore, you cannot speak for management procedures and policies, especially in regard to a retail location you yourself werent employed at, as a “Genius.”

@Gary: How do you know management approved it? Do you also work there?

- refer above: you were never management nor did you work at the location referred to in the blog post, thus you are straying way outside your element. you can only call someone out if you are, at minimum, associated directly with the accused or witnessed firsthand the original action being called into question.

“Since my NDA expired, I’ll share some information. Mind you, these are old policies but I doubt they have changed much.
• DMGs were not encrypted. Systems were backed up by Disk Utility.
• Customer disk images are stored on a standalone server. It is not even connected to a network.
• Immediately after pickup, the data was removed from the server.
• Technicians were forbidden from carrying USB drives in store”

- OMG, REALLY?! HOW EXCITING! but seriously though, you’re taking yourself WAY too seriously, pal. you worked at Apple RETAIL. replace “genius” with “geek squad” and “apple retail” with “bestbuy” to give yourself real perspective of your previous employment with Apple Retail.
- oh and BTW, your second bullet point especially cracked me up. FYI, if a “standalone server” is not connected to some type of network, then it’s not a server. for a computer to be considered a “server”, it has to be connected to a network with at least one other terminus other than itself, otherwise it’s unable to actually SERVE anything. at that point, it’s simply just a computer.

“There’s not really anything that prevents a technician from doing bad things except their own desire to do the right thing for a customer. Obviously, something at this location was lost along the way. Very unfortunate.”

- my, how you are able to extrapolate such inspiring words of wisdom and warning. too bad you stated previously that there are policies in place that prevents technicians from doing bad things. of course policies will deter most and only stop those who get caught. but even you said it yourself that there are actual things in place to prevent a tech from doing bad things, yet now you say there isnt anything? care to make up your mind on this one?

whether you were laid off, your mother moved to a town without an Apple Store, were terminated, or headhunted by the Geek Squad, the bottom line is that we’re all better off as owners of Apple Computers still under warranty, that you no longer work as a technician for Apple Retail. and a free tip to help make you more socially acceptable: you’re not nearly as important as you think you are. in the genus of corporate America, your equivalent being in the animal kingdom would be the cockroach: unliked, unclean, and beneath everybody.

have a merry xmas, happy chaunukkah, diwali, kwanzaa, festivus, solstice, or whatever it is you celebrate, and a happy new year!

Reply

whatsup February 23, 2011 at 2312

What a bitter dude you are. I’m sorry that you didn’t make it past round one of the hiring seminar.

Reply

Jose Menez April 21, 2010 at 2317

If Apple Corporate were ever to take the complaints against the management at the specific store seriously they would realize the management needed to be replaced several years ago… The firings of the people responsible may be warranted.. however the Titanic didn’t sink because of the decisions of the 3rd class passengers…

Reply

Ex-Genius April 22, 2010 at 0826

As a former Apple “Genius” (terrible job title), I’m not surprised. I liked working for Apple, had a good time there and all, but the store where I worked at, one of the first things that used to be done (and potentially still happens) was go over customer’s photos.
And it was consistently done by most of the genii (I’ll admit, I did it a few times), including the lead. I know there were other stores in this city where that was a “fun” and “usual” practice.

Reply

Anthony April 23, 2010 at 1724

@Jose: high five for he awesome analogy.

Reply

White City Guy April 25, 2010 at 1552

LOL, well its happens a lot here in the UK Apple Stores. Nothing like that happens where we sack the boot, just sorry to the customer and their repair is free of charge. ;p

Reply

Greg May 2, 2010 at 0807

To the comment in the article about “Sources say there remains a question if those who were fired had been properly trained on Apple’s standard backup/restore procedures” – I have to say this seems exactly correct.

As a former Apple Technician – we rarely handled customer data past on their own computer. Backups and the like were very rarely done, and data transfers were always direct one computer to another. I always found the enforcement of data security and the training on keeping private information private lackluster to say the least, and can not say I’m surprised this happened. It was only a matter of time. Apple needs to look at their management for sure!

Not to say that the firing of these employees wasn’t warranted, it sounds like they were carelessly stupid about protecting data, but perhaps this is partly because they were not trained on protecting data!

Reply

Joe May 6, 2010 at 1547

You pay these kids $10 an hour and expect them to be professionals. You get what you pay for.

Reply

Nunya August 15, 2013 at 1749

Get paid more than that but nice try.

Reply

Current Employee May 11, 2010 at 1206

I can’t speak to the past or to overseas but I am a Genius right now in a US store and we do NOT do backups for any reason. Corporate policy is that no customer data ever goes on our harddrives or computers nothing.

the customer must do ALL backups at home. if they don’t and we have to wipe the drive etc, tough shit on them. We make them sign a form that says that they have done whatever backups they feel are needed and understand that we do NOT do any kind of data backups or recovery. Not on a computer, a phone or anything.

We are not even allowed to do a data transfer and set up off a hard drive. You gotta bring in a working computer and it goes from your old one to your new one and you take both of them with you.

If these folks were indeed fired it was NOT for failure to properly back up and erase the data. It was that they violated policy and did the back up in the first place, which they were not supposed to do.

Reply

Gary May 11, 2010 at 1346

Thanks for the additional insights into the Genius repair process. It’s helpful to know that Apple has procedures in place to ensure the confidentiality of data. The procedures simply have to be followed.

Reply

Mark Daniels May 24, 2010 at 2133

This is actually completely incorrect. Apple has a backup procedure that customer’s can pay for before they send machines to Depot for repair. There is a designated server that stores the information that only technicians have access to. I’m not sure what “policy” you’re talking about, but it is far from the facts that Apple does not allow customer backups to be in the store. The ONLY type of backup that techs cannot do is backup customer’s iPhone data. Unless specifically told to do so by a manager, and this is a very specific violation of policy, but managers have the okay under a case by case basis. So I’m calling you out buddy. I think you are full of your “policies” man.

Reply

lol January 7, 2011 at 2326

LOL!!!!!!!!

Reply

Actual Employee update April 24, 2013 at 1524

Just reading back on this article… lucky apple puts no customer data on ANY of the apple systems anymore. It only remains on customer drives :)

Reply

{ 1 trackback }

Leave a Comment