Telmate Data Breach Leaked 11 Million Inmates’ Personal Convos

A massive privacy theft leaked Telmate’s data, including those of 11 million prisoners. The exposed details contained sensitive identifiers and confidential correspondences. It owed to the existence of the operation.

Telmate uses “GettingOut,” which helps inmates make video or voice calls tracked and send notes to their loved ones. Because of the function of the program, the revealed data contains personal messages.

In early August, Comparitech’s technology researcher Bob Diachenko discovered an unsecured archive containing 11 million inmate documents and their communications. The leak included 227 million messages. More than 78,000 administrative documents and Telmate dashboard login data were listed.

The leaked data includes their full names, religions, crime, medications, marital status, and gender. On the other hand, their contacts’ lists had their names, physical and IP addresses, passwords, phone numbers, and ID information for driver licenses.

Telmate data breach leaked personal info for millions of prisoners https://t.co/PdoC2xPpQS pic.twitter.com/x9RCXj9gkz

— Michelle Ann Garcia (@Michelle_Gar23) September 5, 2020

Telmate’s owner quickly addressed the issue, securing the breached database

Search engine BinaryEdge indexed the database on August 13. However, the data breach might have revealed sometime before that. Diachenko found the site. He promptly informed GTL the same day. Telmate ‘s owner, Global Tel Connect, quickly retrieved the database within only a few hours. They immediately secured the data after receiving the warning about the leaked records. GTL clarified that the issue was the fault of one of their vendors.

The organization confirmed that there are no compromised credentials, patient records, or customer payment records. However, the database may not require a password for entry, indicating that the hackers could retrieve the information. It left the prisoners and their associates with potential opportunities for identity theft, bribery, and phishing.

Nobody knows how long the database was available before being indexed or accessed by any other unauthorized parties. Unsecured databases could be reached within a few hours of release and targeted.

The worst-case situation would make communications with the prisoners vulnerable to abuse and intimidation. The event is not the first case involving Telmate and GTL.

Previously, the organization and the operation charges inmates and their family with high rates. The feature threatens them with unreasonably high call times. Telmate also uses billing methods with higher call charges than usual price prices.

Prisoners and correctional staff used Telmate’s interface login data view call records and communication records. Their discovery may provide hackers with the means to break into specific networks and steal records of calls or other data.

About GTL, Telmate

Global Tel Link (GTL) is the largest prison telephone facility in the USA. It has been the focus of a variety of scandals surrounding its facilities and the care of prisoners.

GTL owns Telmate, which manufactures and operates GettingOut. It’s an internet-based app, and inmate service to make voice and video calls. Prisoners use the application to send and receive text and photo messages to outsiders.

According to class action lawsuits pending in numerous states, local prison systems and law enforcement agencies often get kickbacks from GTL contracts to extort a captive market.