The study argues that breaches are becoming so commonplace that the only feasible way to protect consumer data is wider use of end-to-end encryption. (AP)

Apple defends encryption stance as study backed by the company reveals increase in data breaches

Adriana MaraisDecember 9, 23 Apple, iPhone

A recent study commissioned by Apple reveals that data breaches in the United States saw a 20% rise in the first nine months of 2023, compared to the entire year of 2022.

The iPhone maker paid for the research, conducted by Massachusetts Institute of Technology professor Stuart E. Madnick, about a year after it introduced a new feature that extends end-to-end encryption of data stored in iCloud. The study, which does not include findings on Apple’s data breaches, claims that data breaches are becoming so commonplace that the only possible way to protect consumer data is through the wider use of end-to-end encryption.

Such encryption makes it impossible for the company that stores the data – or anyone who might hack its servers – to decrypt a user’s data without also having access to additional information, such as a passcode for a user’s personal device. But this encryption method also makes it impossible for law enforcement to access data without the user’s knowledge, and has long been a point of contention between techies and government officials.

Britain is considering a law that would mandate access to private messages and has encouraged companies like Meta Platforms not to expand the use of end-to-end encryption.

However, an Apple-backed study found that hackers often attack tech companies because they provide services to high-value targets. For example, Microsoft was hit this year by Chinese hackers who managed to steal tens of thousands of emails from the US State Department.

According to the study, 98 percent of organizations have a relationship with at least one technology supplier that has experienced a data breach in the previous two years.

“In today’s interconnected world, virtually every organization relies on a wide variety of vendors and software. As a result, hackers need only exploit vulnerabilities in third-party software or a vendor’s system to gain access to data stored by each trusted organization about that vendor,” the study says.