Apple says that leaks from its "suppliers" is a risk for the company.

Apple says it takes steps to protect its valuable internal data.

But lots of valuable information about the new iPhone was public before it launched.



Apple is famously secretive. Its goal is to "surprise and delight" and it's a lot easier to surprise when customers or competitors don't know what Apple's planning to launch next.

But Apple fans and investors know there's one reliable source for iPhone gossip: Apple's Asian supply chain. Most public information about new Apple products first trickle out through a series of various analysts, rumormongers, and journalists covering the companies that sell parts and assemble computers for Apple.

Now, Apple is specifically calling out these leaks from its factories in its latest 10K report filed with the SEC, warning that the leaks could ultimately hurt Apple's reputation or even its bottom line.

"The Company’s business also requires it to share confidential information with suppliers and other third parties. Although the Company takes steps to secure confidential information that is provided to third parties, such measures may not be effective and losses or unauthorized access to or releases of confidential information may still occur, which could materially adversely affect the Company’s reputation, financial condition and operating results," stated the report, which was published on Friday.

Basically: Apple does everything it can to protect its confidential information, but at some point, it has to send manufacturing files and other sensitive data to its factory partners like Hon Hai or Pegatron. At headquarters, Apple says it uses "systems and processes intended to secure its information technology systems," but Apple's own suppliers might not have the same level of security.

Apple also added language to its latest SEC filing about protecting health data, which Apple is increasingly collecting through its Health app and partnerships with medical providers. "Health data may be subject to additional privacy, security and breach notification requirements, and the Company may be subject to audit by governmental authorities regarding the Company’s compliance with these obligations," the filing stated.

The iPhone X leaked

A fake, nonfunctioning iPhone X model that was widely available before Apple's launch. YouTube/MKBHD This summer, certain Apple observers and executives took a bit of a victory lap after details of Apple's latest software release remained secret ahead of its annual developer's conference, WWDC.

"There were many topics covered yesterday that weren’t leaked, weren’t written up, weren’t with screenshots," Apple's head marketer Phil Schiller said in June. "And to me, the first thing I think about is I’m so happy for those teams that they got that moment, that they can go home to their kids and say ‘this is what I worked on’ and you can see, and it’s fun."

But a few months later, Apple's big Fall product launch was marred by leaks — first, from Apple's suppliers, and later from someone who appeared to have access to sensitive internal Apple information.

For months before the iPhone X was revealed in September, fake, plastic models of the phone were available from Alibaba and other online retailers. These models had measurements which ended up being identical to the phone that was eventually released, suggesting that there were files with exact device measurements available to certain manufacturers before launch.

Later, several other details about the iPhone X were revealed in an accidental software update for HomePod, a smart speaker Apple plans to release in December.

But that's not the biggest leak Apple saw this fall. The weekend before Apple's big launch event, a list of URLs linking to unreleased, confidential Apple software, including the software for the iPhone X, were sent to Apple-focused blogs and posted on Reddit.

These files uncovered other details about Apple's new phone, including its name, "iPhone X," and one of its banner features called Animoji. Although it's unclear who posted the URLs, they clearly came from someone with deep access to unreleased information, so either a very close partner or an Apple employee.

Apple says that although lots of businesses face attacks from people to get into its systems, it's at greater risk because "of its high profile and the value of the confidential information it creates."

That confidential information just happens to include the iPhone it's already working on for next year.