Telmate, a widely used prison phone service, left millions of inmates’ and their contacts’ data exposed online, according to Comparitech. The company is behind an app called GettingOut, which gives prisoners a way to make monitored voice/video calls and to send texts to their loved ones. Due to the nature of the service, the exposed data included identifiable information and personal correspondences.
Comparitech security researcher Bob Diachenko discovered an unsecured database in early August containing 11 million records of inmates and their contacts, as well as 227 million message records. The prisoners’ records came with their full names, offense, religion, the facility they’re at, their relationship status, the medications they’re taking and even whether they identify as trans. Meanwhile, their contacts’ records included their names, their email, physical and even IP addresses, their phone numbers and their driver’s license ID details.
Comparitech says Telmate owner Global Tel Link secured the database within just a few hours after being informed. In a statement GTL provided, the company blamed the incident on “the actions of one of [its] vendors” and clarified that “no medical data, passwords, or consumer payment information were affected.” But seeing as the collection didn’t even need a password for access, bad actors could’ve dowloaded it all, making the inmates and their contacts targets for fraud, identity theft and phishing schemes. Worse still, the information could subject prisoners’ contacts to harassment and discrimination.
This security gaffe is far from the first controversy GTL and Telmate have been involved in. GTL and its subsidiary have long been accused of price gouging inmates and their families by charging them exorbitant call rates. The defense attorneys Prison Policy Initiative talked to even revealed that prison phone services have “shocking billing practices that cause the actual call charges to be far higher than the nominal published rates.”