2 min read

US Phone Service Exposes Millions of Messages Between Inmates and Their Friends and Families

Filip TRUȚĂ

September 07, 2020

US Phone Service Exposes Millions of Messages Between Inmates and Their Friends and Families

Telmate, a company that facilitates monitored inmate communications with the outside world, has exposed a large database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts.

Bob Diachenko, a security researcher with Comparitech, discovered the unsecured database on August 13 and immediately reported it to Global Tel Link, which owns Telmate.

The company secured the database in less than three hours but, according to Comparitech”s Paul Bischoff, “it”s possible that other unauthorized parties accessed it prior to Diachenko”s disclosure.” Bischoff”s theory apparently more than holds water. Databreaches.net claims “it definitely happened, as [it] had been contacted about this leak prior to Diachenko”s discovery.”

Comparitech notes that, based on samples of the data, the exposure likely impacts prisoners in facilities everywhere that GTL operates. Since GTL is the largest provider of prison telephone services, commanding about half of the US market, the leak is massive, to say the least.

Many of the records seem to be collected from prison-issued tablets running Telmate”s GettingOut service. The database contained three indexes, including 227,770,157 message records, 11,210,948 inmate records, and 78,885 administrative records containing login details for the Telmate dashboard.

“The login details for Telmate”s dashboard are used by personnel at prisons and jails to access call and message logs,” Bischoff explains. “Their exposure could give hackers the means to break into those systems and steal call recordings or other data.”

The leak includes conversations between inmates and their friends and families. Leaked prisoner records include full name, offense, facility and account balance. Call and message recipients” details recorded in the database contained full name, email address, phone number, street address and driver”s license number. Anyone who had access to the data prior to Diachenko”s discovery could use it in phishing scams and fraud, or even for harassment.

GTL made the following statement following Diachenko”s discovery:

“Telmate, a GTL subsidiary immediately locked down the server as a precaution upon being made aware of a vulnerability in the data system due to the actions of one of our vendors. This vulnerability was swiftly corrected, the data security team was immediately supplemented with the assistance of third-party consultants and we continue to work closely with law enforcement authorities as we conduct further inquiry into this incident. Based on the current facts of the investigation, no medical data, passwords, or consumer payment information were affected. We continue to speak with and notify necessary parties, including the affected Telmate customers – a small subset of all GTL customers – about the incident and the actions we have taken to safeguard data.”

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read