[BreachExchange] Telmate data breach leaked personal info for millions of prisoners

Destry Winant destry at riskbasedsecurity.com
Tue Sep 8 10:22:15 EDT 2020


https://www.engadget.com/telmate-millions-inmate-data-exposed-041456225.html

Telmate, a widely used prison phone service, left millions of inmates’
and their contacts’ data exposed online, according to Comparitech. The
company is behind an app called GettingOut, which gives prisoners a
way to make monitored voice/video calls and to send texts to their
loved ones. Due to the nature of the service, the exposed data
included identifiable information and personal correspondences.

Comparitech security researcher Bob Diachenko discovered an unsecured
database in early August containing 11 million records of inmates and
their contacts, as well as 227 million message records. The prisoners’
records came with their full names, offense, religion, the facility
they’re at, their relationship status, the medications they’re taking
and even whether they identify as trans. Meanwhile, their contacts’
records included their names, their email, physical and even IP
addresses, their phone numbers and their driver’s license ID details.

Comparitech says Telmate owner Global Tel Link secured the database
within just a few hours after being informed. In a statement GTL
provided, the company blamed the incident on “the actions of one of
[its] vendors” and clarified that “no medical data, passwords, or
consumer payment information were affected.” But seeing as the
collection didn’t even need a password for access, bad actors could’ve
downloaded it all, making the inmates and their contacts targets for
fraud, identity theft and phishing schemes. Worse still, the
information could subject prisoners’ contacts to harassment and
discrimination.

This security gaffe is far from the first controversy GTL and Telmate
have been involved in. GTL and its subsidiary have long been accused
of price gouging inmates and their families by charging them
exorbitant call rates. The defense attorneys Prison Policy Initiative
talked to even revealed that prison phone services have “shocking
billing practices that cause the actual call charges to be far higher
than the nominal published rates.”

