According to three sources with knowledge of what happened, Apple gave some user data to a hacker group that forged legal requests for the information in a social engineering scam.
The hackers tricked Apple's staff into giving them data that included customer addresses, phone numbers, and email addresses, after sending forged emergency data requests.
Emergency requests that are used in cases of imminent danger do not apply to this information because it is typically provided with a search warrant or subpoena from a judge. When asked for comment, Apple did not confirm that data had been shared.
In response to a request for comment, an Apple representative referred Bloomberg News to a section of its law enforcement guidelines.
The guidelines referenced by Apple say that a supervisor for the government or law enforcement agent who submitted the request "may be contacted and asked to confirm to Apple that the emergency request was legitimate," the Apple guideline states.
Meta said in a statement that it is working with law enforcement on the suspected fraudulent requests that it gave to the hacker group. Information obtained from Apple, Facebook, and others could be used in financial fraud schemes.
The requests were sent from hacked email domains belonging to law enforcement officials from multiple countries and were crafted to look legitimate with forged signatures of real or fictional law enforcement officers.
Some of the forged legal requests that were sent to various companies in 2021, are linked to a cybercrime group known as the Recursion Team. The Lapsus$ group that attacked Microsoft and other companies has at least one minor involved who is located in the United States and the United Kingdom.
Lapsus$ shared a post on Telegram claiming to have stolen 70GB of data from international software developer Globant, and the data captured shows a folder called "apple-health-app."