AT&T's iPad data breach - Don't Panic!
The blogosphere and Twitterverse is hyper-ventilating today to the news that the the email addresses and SIM card ICC-IDs of 114,000 iPad 3G owners has been compromised.
My advice - Don't panic!
Yes, it's bad for AT&T. It makes it look bad (if that's at all possible at the moment). The company is doing pretty much the only thing it can right now - hunkering down and downplaying the breach.
It's also bad for Apple. AT&T is the only data provider for the iPad in the US, so Apple has chosen to align itself with the company, and so has to take the blame for that. So far Apple has been tight-lipped.
But is it bad for those involved? Well, not really.
OK, sure, leaked email addresses does, in theory, mean more spam. But it doesn't seem like the group involved in the hack will disclose the data to anyone (other than Gawker, I guess), so unless someone else exploited the hack before it was fixed, it's not an problem.
But what about those leaked ICC-ID numbers? Couldn't someone do something nefarious with those?
The answer is that this is unlikely. I've reached out for several contacts in the security community, and none feel that exposure of the ICC-ID of a SIM card is likely to cause problems as they aren't aware of any vulnerability that would make use of it.
So bottom line, unless you are AT&T or Apple, you can stop panicking and get on with your day.
Should you turn off 3G on your iPad, as the New York Times has suggested staff do? I wouldn't, but you have to make your own mind up and do what feels right to you. If you are worried and are told by AT&T that your data was compromised, request a new SIM which will have a new ICC-ID number, and put the worry behind you.
Problem solved.