The names and personal details of over 144,000 iPad owners have been leaked after a group of hackers took advantage of a security vulnerability at telco AT&T’s private business network.
White House chief of staff Rahm Emanuel, New York Times company chief executive Janet Robinson and New York mayor Michael Bloomberg are among the names on the list, which includes the personal details of celebrities in the finance, politics and media industries.
It is the second major leak this year for the usually secretive Apple, after pictures and videos of a leaked iPhone prototype spread through the internet in April.
The data, which was distributed by a hacking group known as Goatse Security, was first published by Silicon-Valley based Gawker Media – the same group which found itself in trouble earlier this year for publishing images of a leaked iPhone prototype.
The list features names and email addresses of iPad owners in large corporations including JP Morgan and Goldman Sacs, along with staff at the Pentagon, Department of Justice, NASA and the capitol in Washington DC.
The problem has even sparked an investigation by the FBI.
The list belongs to telco AT&T, which is the exclusive carrier for the iPhone and of data plans for the iPad in the US. In a statement, the company said it will let the 144,000 customers know their details had been compromised.
“The only information that can be derived from the ICC IDS is the email address attached to that device,” it said.
“We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained. At this point, there is no evidence that any other customer information was shared.”
The incident is a blow to AT&T, which already suffers heavy criticism from US iPhone users. The telco is the exclusive carrier of the gadget, but users and analysts alike have criticised the limited reach and reliability of its networks.
Additionally, staff in the organisations listed in the leaked data have already begun to react. The New York Times has reportedly emailed its staff telling them to “turn off your access to the 3G network on your iPad until further notice”.
Many are concerned the vulnerability used to obtain the data could be used again to access other information including banking details and phone numbers.
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS… The person or group who discovered this gap did not contact AT&T. We take customer privacy very seriously and while we have fixed this problem, we apologise to our customers who were impacted.”
While Goatse Security exploited a vulnerability to obtain the data, it maintains its intentions were genuine. The group has previously revealed vulnerabilities in the Mozilla Firefox and Apple Safari web browsers.