“Telmate” Prison Communications Exposes Personal Data of Millions

  • A GTL-owned inmate communications platform has exposed a large set of personal data.
  • The information that was left exposed online compromises both prisoners and their outside contacts.
  • The owner’s response was immediate, but someone may have had the time to access and exfiltrate the database.

The “Telmate” platform that specializes in inmate communications has exposed the personal details of millions of prisoners, as well as their outside contacts. In most cases, that would be friends and family, but the situation is far more complicated for some inmates.

The exposure came through an unprotected database that was discovered by Bob Diachenko on August 13, 2020, while the owner of Telmate, Global Tel Link, responded to the researcher’s alert in just a couple of hours. While the securing of the database came quickly, the total exposure period remains unknown.

The following information was found in the millions of records contained in three individual indexes:

  • Text message contents
  • Timestamps
  • Inmate DoB, Facility ID, Full Name, and Sex
  • Recipient full name, email address, street address, IP address, and driver’s license number
  • Prisoner full name, offense, facility, and account balance
  • Call details like duration and times, but not actual recordings
  • Administrative records containing login details for the Telmate dashboard
  • Grievances filed by inmates requesting transfers, education, legal assistance, clothing, etc.

Source: Comparitech

So, this data leak affects inmates, their contacts, and also Telmate administrators. This triple trouble translates to a wide range of potential exploitation, risks, dangers, etc. From scammers to people looking for retaliation, anyone could use the above details to attack the exposed individuals.

Also, family members and friends could become subject to harassment or even discrimination. Of course, phishing attacks are also included in the sphere of possibilities, as there’s a rich set of data that can be combined to create convincing social engineering settings.

Global Tel Link is a US-based firm that owns and develops Telmate. Telmate, in turn, develops and operates “GettingOut” and “Guardian.” The first one is an internet-based app that enables inmates to create and send media messages to the world outside, as well as to receive messages. Guardian is an app that monitors the location of inmates who are out on parole.

As Diachenko clarifies, there are no data from these two platforms in the exposed database, so the incident hasn’t affected Guardian or GettingOut data.

GTL has already had legal trouble with the allegedly exploitative manner they decided what to charge inmates and their families for communications, so this data exposure may bring additional lawsuits and demands for compensation. In any case, they mishandled very sensitive data, and the implications from this occurrence are dire.

Read More:

How to Watch Joe Pickett Season 2 Online: Stream the Western Crime Drama from Anywhere
Joe Pickett, the series based on characters created by novelist C.J. Box, has a second season coming, and below are all the...
How to Watch Gods of Tennis Online Free: Stream the Tennis Docuseries from Anywhere
Gods of Tennis is a new documentary series on “the golden age of tennis” in the 1970s and 1980s, and we have...
How to Watch Danger Below Deck Online from Anywhere
Are you a die-hard fan of crime dramas? Do you love heart-pounding suspense, gripping tension, and a captivating plot that leaves you...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari