Apple paid millions of dollars to a student after iPhone repair technicians posted explicit photos and videos from her phone to Facebook, legal documents have revealed.
The tech giant agreed a settlement with the 21-year-old after two employees at a repair facility uploaded the images from a phone she had sent to Apple to be fixed, resulting in "severe emotional distress".
The incident, which occurred in 2016 at a centre in California run by Pegatron, an Apple contractor, is one of the most significant privacy violations to be revealed at an iPhone repair facility.
Apple has often argued that its control over how its devices can be fixed helps to protect customers' privacy, lobbying against legislation that would make it easier for third parties to fix its electronics.
Legal filings show that the unnamed victim, a university student in Oregon, sent her phone to Apple after it had stopped working.
While it was being fixed, the two technicians posted "10 photos of her in various stages of undress and a sex video" from her Facebook account, in a way that suggested she had uploaded them herself. The images were only removed after friends informed her that they had been posted.
The exact size of the settlement was not disclosed, but was described in filings as a "multimillion-dollar" sum, and that lawyers for the individual had demanded US$5m in negotiations.
Lawyers for the victim had threatened to sue for invasion of privacy and infliction of emotional distress, and had warned of the "negative media publicity" that would accompany a lawsuit. The settlement included a confidentiality provision that prevented her from discussing the case or revealing the size of the payout.
The incident emerged during a legal dispute between Pegatron, which had reimbursed Apple for the settlement, and its insurers, which in turn refused to foot the bill. Apple was not directly named in the lawsuit, and was referred to simply as a "customer" throughout, in an effort to keep the matter confidential.
Apple was only recently named as the customer during a separate, unrelated lawsuit against the iPhone maker, and the company confirmed the incident to The Telgraph. The breach happened at a Pegatron facility in a suburb of the California city of Sacramento where Apple has a substantial presence.
In legal filings, Apple had argued that making details of the settlement public could "irreparably harm" it and cause "substantial business harm". It insisted on confidentiality throughout, with many of the details of the incident sealed.
The incident triggered an "exhaustive" investigation by Apple, according to the filings, with the two individuals responsible for posting the images fired. The case was dismissed after Pegatron and the insurers settled privately.
Apple, as well as trade groups representing the company, have argued against "right to repair" laws that campaigners say would make it easier for independent technicians to fix devices, claiming that this would jeopardise safety or privacy.
The company told a US committee in 2019 that its oversight of iPhone repairs ensures a "safe and reliable repair".
An Apple spokesman said: "We take the privacy and security of our customers' data extremely seriously and have a number of protocols in place to ensure data is protected throughout the repair process. When we learned of this egregious violation of our policies at one of our vendors in 2016, we took immediate action and have since continued to strengthen our vendor protocols."