Prison phone company blamed for data breach affecting thousands of users

altes telefon
(Image credit: (stock.adobe.com © Alex))

A company that provides telecommunications services to people in prison failed to properly protect the sensitive data it had on its users. As a result, the data leaked on the dark web, some victims’ identities were abused, and in some instances - their credit cards were fraudulently charged, as well. 

The news was revealed by the US Federal Trade Commission (FTC), which settled its case with Global Tel*Link Corp, with the settlement including two of its subsidiaries, too - Telmate and TouchPay Holdings. 

According to the filing, back in mid-2020, the company wanted to test a new version of a search software product. To that end, it copied a database holding entries on 650,000 real users to a test environment on Amazon Web Services (AWS). For roughly two days, the data sitting in the test environment was not protected by a password, or any other means of control. Two days later, the company was notified by a security researcher that the database was out in the open, but it was already too late. Even though Global Tel*Link locked the files down, they soon emerged on a forum on the dark web. 


Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Making things worse

The data that was stolen contained enough information to mount not just identity theft or phishing attacks, but wire fraud, too.

It included "full names; dates of birth; phone numbers; usernames or email addresses in combination with passwords; home addresses; driver's license numbers; passport numbers; location information; information about individuals' race, religion, and whether they are transgender; approximately 80,000 grievances submitted by incarcerated consumers to Facilities; and the content, dates and times, senders, and recipients of approximately 75,000 written messages that incarcerated and non-incarcerated users had exchanged using Respondents' services. 

In numerous instances, the written messages contained payment card numbers, financial account information, and Social Security numbers,” the FTC’s document reads.

The FTC also said that some consumers complained to the company, saying they found their sensitive data on the dark web: “Some consumer complaints also indicated that consumers had been alerted to fraudulent transactions on their credit cards following the Incident."

But that’s just the tip of the iceberg. Apparently, Global Tel*Link Corp only made things worse by falsely advertising it had never been breached. Also, it took nine months to notify the affected individuals and even when it did, it only notified a portion - some 45,000 people. 

Global Tel*Link Corp settled the case with the FTC by promising to upgrade its security practices and offer free credit monitoring and identity protection to affected users. The settlement doesn’t seem to include any fines.

Via Ars Technica

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Data Breach
US state sues T-Mobile over 2021 data breach which leaked data of millions
Outdoor photograph of a pair of hands holding a smartphone with navigator location points in the background
Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Security padlock and circuit board to protect data
Mexican fintech company Miio exposed millions of files of sensitive customer data
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why