HACKED! Telmate

By Kevin Lancaster, IDAgent

Exploit: Unsecured Database 

Telmate: Correctional Facility Communications  

Risk to Business: 2.014 = Severe

An a misconfigured Amazon S3 Bucket is to blame for a nasty data breach involving Telmate, makers of the Getting Out app used for inmate communications. The app, (which charges an exorbitant fee of up to $0.50 per minute for families to communicate with their incarcerated loved ones), is commonly monitored by prison officials, but the data that has been leaked is the kind of highly sensitive personal information like whether an inmate identifies as transgender, their relationship status, prescription medication they take, and their religion. The company, part of the Global Tel Link family, blames a third party vendor for the incident. Experts say that 11,210,948 inmate records and 227,770,157 messages were exposed.

Individual Risk: 2.314 = Severe

While Telnet maintains that no medical data, passwords, or consumer payment information were affected, the information that has been widely available through this unsecured bucket is potentially personally damaging and opens prisoners and their families up to identity theft and blackmail risks, as well as targeting for hate crime.

Customers Impacted: 2.3 million inmates and their families

How it Could Affect Their Business: Failing to secure simple data storage tools like this is indicative of a lax attitude toward security throughout a company, and can turn off customers and potential partners. This is Telmate’s second security incident this year.

To learn more about how you can eliminate/mitigate these kinds of threats to your organization, call 239.790.4479 and speak to one of our security specialists today.

Source: https://www.gizmodo.com.au/2020/09/prison-phone-app-exposes-millions-of-inmate-messages-and-personal-data/?web_view=true