“Telmate” Prison Communications Exposes Personal Data of Millions

  • A GTL-owned inmate communications platform has exposed a large set of personal data.
  • The information that was left exposed online compromises both prisoners and their outside contacts.
  • The owner’s response was immediate, but someone may have had the time to access and exfiltrate the database.

The “Telmate” platform that specializes in inmate communications has exposed the personal details of millions of prisoners, as well as their outside contacts. In most cases, that would be friends and family, but the situation is far more complicated for some inmates.

The exposure came through an unprotected database that was discovered by Bob Diachenko on August 13, 2020, while the owner of Telmate, Global Tel Link, responded to the researcher’s alert in just a couple of hours. While the securing of the database came quickly, the total exposure period remains unknown.

The following information was found in the millions of records contained in three individual indexes:

  • Text message contents
  • Timestamps
  • Inmate DoB, Facility ID, Full Name, and Sex
  • Recipient full name, email address, street address, IP address, and driver’s license number
  • Prisoner full name, offense, facility, and account balance
  • Call details like duration and times, but not actual recordings
  • Administrative records containing login details for the Telmate dashboard
  • Grievances filed by inmates requesting transfers, education, legal assistance, clothing, etc.

telmate-data
Source: Comparitech

So, this data leak affects inmates, their contacts, and also Telmate administrators. This triple trouble translates to a wide range of potential exploitation, risks, dangers, etc. From scammers to people looking for retaliation, anyone could use the above details to attack the exposed individuals.

Also, family members and friends could become subject to harassment or even discrimination. Of course, phishing attacks are also included in the sphere of possibilities, as there’s a rich set of data that can be combined to create convincing social engineering settings.

Global Tel Link is a US-based firm that owns and develops Telmate. Telmate, in turn, develops and operates “GettingOut” and “Guardian.” The first one is an internet-based app that enables inmates to create and send media messages to the world outside, as well as to receive messages. Guardian is an app that monitors the location of inmates who are out on parole.

As Diachenko clarifies, there are no data from these two platforms in the exposed database, so the incident hasn’t affected Guardian or GettingOut data.

GTL has already had legal trouble with the allegedly exploitative manner they decided what to charge inmates and their families for communications, so this data exposure may bring additional lawsuits and demands for compensation. In any case, they mishandled very sensitive data, and the implications from this occurrence are dire.

Read More:

REVIEW OVERVIEW

Latest

How to Watch Miami Marlins Games Online Without Cable

The Miami Marlins is a professional baseball team and have been competing in the MLB since being launched as an expansion team...

How to Watch Baymax! Online on Disney Plus

Big Hero 6 fans will be happy to know there's only a little time left until the new series focusing on Baymax...

How to Watch All Star Shore Online From Anywhere

Is everyone ready for a summer reality star competition? We know we are, and we're excited to see how All Star Shore...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari