Kutak Rock partner Jon Breyer represents Michael Mathews, a Minnesota executive, in a lawsuit against Apple. Last month, Mathews’ iPhone was stolen while traveling. The thieves hacked into his phone, disabled his remote access by resetting the “recovery key,” thus taking control of his Apple ID and iCloud accounts and gaining access to 30 years of sensitive data, including Social Security numbers, passports, and financial information. Apple's maintains that if enabled, the “recovery key” is the exclusive way to recover an account. Mathews, unable to remotely access his phone or prove his identity, faced significant loss.

In the lawsuit, Breyer highlighted the security flaw in Apple's operating system, specifically regarding the optional "recovery key." According to Breyer, despite being aware of this flaw, Apple allegedly failed to address it and refused to allow victims to regain access to their accounts. 

Breyer emphasized the significance of the recovery key, a 28-character alpha-numeric code, and its exploitation by hackers. In Mathews' case, the thieves reset the recovery key after gaining access to his phone, leaving him unable to recover his accounts through this method. Breyer argued that Apple's policy, making the recovery key the exclusive way to recover accounts, created a dilemma for victims like Mathews, because Apple would not allow them to prove their identity through alternative means. This case sheds light on the security flaw and raises concerns about Apple's policies in handling such situations. The lawsuit seeks to get Mathews' accounts and data back and requests that the court award damages.

After filing the lawsuit, on January 22, Apple provided an iOS 17.3 update to iPhone users in an attempt to address the flaw.