MacMost Q&A Forum • View All Forum QuestionsAsk a Question

Do You Trust iCloud Drive With Documents Containing Sensitive Information?

I have not been storing documents like taxes, health care related reports, financial account reports, etc. in any cloud based storage systems because it seems that a lot of them have been hacked. I have the documents that contain our social security numbers, financial account numbers, medical information that contains personal identify information, etc. only on my iMac. That means I cannot access them on my MacBook Pro, iPhone or iPAD. I am just wondering if you trust iCloud Drive with these type of documents? I have not heard any reports of Apple being hacked. All of my devices are running the latest releases.
Bill H.

Comments: 2 Responses to “Do You Trust iCloud Drive With Documents Containing Sensitive Information?”

    2 years ago

    Have cloud-based storage systems been “hacked?” Certainly, many online sites and services have been subject to data breaches, where information has been potentially stolen. But there is a big difference between a database at a website with user information and cloud services that store files. In most cases, when a site or service is hacked, it is because they didn’t store their data in an encrypted format. Or, they did encrypt it but had a way to decrypt it with admin or master accounts.

    But cloud storage of files is different. The files are encrypted. And the only way to decrypt them is using the key (password). Done properly, there is no way for even an admin or master account to decrypt those files without the user’s encryption key. They can do this because storage services don’t ever need to access these files. They just store them. Web sites and services can’t do this because they need to get to the data. For instance, Facebook needs to send you emails, so it can’t store your email address in a way it can’t read it. And if Facebook can see your email address, then if someone breaks their system, they can see those email addresses too.

    But even if someone were to break into a cloud storage service, all they would get is the encrypted data. Only your key can decrypt it.

    So, theoretically, anything you store in a good cloud storage service can’t be read by anyone without your encryption key. Even the owner of the cloud service. That’s true with iCloud.

    I say theoretically because there is always a possibility. The most obvious one is to use social engineering to get you to give up your iCloud password. In that case iCloud isn’t hacked, just your account.

    You’ve got to weight the options. One the one hand you have the unlikely chance that someone gets your password. On the other hand, you have a good way to have your information handy, and the file exists in a form that would survive a disaster that takes your computer and local backup. For me, I also like to have that info available when traveling too.

    One thing you can do is to save information like this in a password-protected PDF. Then even if someone gets access to your iCloud account by stealing your password, they have a second password they need to decrypt the PDF. You can password-protect Pages documents too. And others.

    Bill H.
    2 years ago

    Thanks Gary. I appreciate the understanding of cloud storage always being encrypted by your account password. I had wondered if that was the case but did not know.

Comments Closed.