Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Security

Prison Phone Company Leaked 600,000 Users' Data and Didn't Notify Them (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Prison phone company Global Tel*Link leaked the personal information of nearly 650,000 users and failed to notify most of the users that their personal data was exposed, the Federal Trade Commission said today. The company agreed to a settlement that requires it to change its security practices and offer free credit monitoring and identity protection to affected users, but the settlement doesn't include a fine. "Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing," the FTC said.

A security researcher notified Global Tel*Link of the breach on August 13, 2020, according to the FTC's complaint (PDF). This happened just after "the company and a third-party vendor copied a large volume of sensitive, unencrypted personal information about nearly 650,000 real users of its products and services into the cloud but failed to take adequate steps to protect the data," the FTC said. The data was copied to an Amazon Web Services test environment to test a new version of a search software product. For about two days, the data was in the test environment and "accessible via the Internet without password protection or other access controls," the FTC said. After hearing from the security researcher, Global Tel*Link reconfigured the test environment to cut off public access. But a few weeks later, the firm was notified by an identity monitoring vendor that the data was available on the dark web. Global Tel*Link didn't notify any users until May 2021, and even then, it only notified a subset of them, according to the FTC. [...]

The complaint said that Global Tel*Link violated the Federal Trade Commission Act's section on unfair or deceptive acts or practices and charged the firm with unfair data security practices, unfair failure to notify affected consumers of the incident, misrepresentations regarding data security, misrepresentations to individual users regarding the incident, misrepresentations to individual users regarding notice, and deceptive representations to prison facilities regarding the incident. To settle the charges, the company agreed to new security protocols, including "'change management' measures to all of its systems to help reduce the risk of human error, use of multifactor authentication, and procedures to minimize the amount of data it collects and stores," the FTC said. Global Tel*Link also has to notify the affected users who were not previously notified of the breach and provide them with credit monitoring and identity protection products. The product must include $1,000,000 worth of identity theft insurance to cover costs related to identity theft or fraud. The company must also notify consumers and prison facilities within 30 days of future data breaches and notify the FTC of the incidents, the agency said. Violations of the settlement could result in fines of $50,120 for each violation, the FTC said.

This discussion has been archived. No new comments can be posted.

Prison Phone Company Leaked 600,000 Users' Data and Didn't Notify Them

Comments Filter:
  • by myowntrueself ( 607117 ) on Thursday November 16, 2023 @07:07PM (#64010997)

    Do they even have any rights at all?

    I mean, the constitutional changes that (finally) outlawed slavery have specific exceptions for prisoners to be enslaved... So really, the USA does still do slavery.

    • by cascadingstylesheet ( 140919 ) on Thursday November 16, 2023 @07:25PM (#64011011) Journal

      Do they even have any rights at all?

      I mean, the constitutional changes that (finally) outlawed slavery have specific exceptions for prisoners to be enslaved... So really, the USA does still do slavery.

      I realize you are being facetious, but felons do indeed choose to give up some rights when they commit their crimes.

      Nor is there any practical way around that. Somebody is going to have their rights removed; either wrongdoers or normals. The only question is which group.

      • by Anonymous Coward
        This would be illegal in Germany.
        • This would be illegal in Germany.

          Nobody is saying that the phone company in question should have leaked the information. I was merely explaining to Mr. Right that he had a few things wrong about his rights :p

      • I realize you are being facetious

        Not facetious at all friend, that is the truth!

      • Do they even have any rights at all?

        I mean, the constitutional changes that (finally) outlawed slavery have specific exceptions for prisoners to be enslaved... So really, the USA does still do slavery.

        I realize you are being facetious, but felons do indeed choose to give up some rights when they commit their crimes.

        Nor is there any practical way around that. Somebody is going to have their rights removed; either wrongdoers or normals. The only question is which group.

        Slavery is wrong.
        Just because someone commits a crime, doesn't mean that slavery is suddenly OK.
        The USA is so fucked up that people can believe shit like this is just fine.

      • What rights specifically? I mean sure freedom of movement is gone. But where is it legally enumerated that prisoners are forced to use ludicrous phone companies that exist only to fuck over people that society itself do not want to defend?

        While prisoners absolutely need to give up some rights (they are prisoners) at some point we also need to question why we accept that we blindly fuck them over at every turn.

      • by sjames ( 1099 )

        Naturally felons lose freedom of movement and such, but the US removes far more rights than actually necessary. Apparently including the right to life and healthcare. Meanwhile, when wealthy people commit a crime, the place they go looks nicer than many law abiding lower income people have.

      • Normals get their rights removed all the time because it's easier to go after them than criminals.

      • I think you're a little off when you say "felons do indeed choose to give up some rights when they commit their crimes." I would argue that MOST Americans have committed felonies, because the laws here are so ridiculous, something as innocuous as the innocent mishandling of information can be a felony. So I don't think it really boils down to people "choosing" to give up their rights. It's more about the government imposing ridiculous legislation and imposing outrageous penalties.
    • 13th Amendment, section 1:

      Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.

      • Re: (Score:3, Informative)

        13th Amendment, section 1:

        Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.

        Right, so slavery is still a form of punishment.

    • Wouldn't customer data include the people on the outside that they're calling?

      • by jd ( 1658 )

        Yes, it will.

  • Scumbag companies (Score:4, Insightful)

    by Revek ( 133289 ) on Thursday November 16, 2023 @07:38PM (#64011025)
    Invariably have scumbag owner/operators. The rates they charge are unethical and borderline criminal. Anyone who will do that won't hesitate hide their own malfeasance.
    • by Ocker3 ( 1232550 )
      And they really should have been fined to make them change their future behaviour, without adequate 'stick' they're not going to change their practices.
      • by Valgrus Thunderaxe ( 8769977 ) on Thursday November 16, 2023 @08:31PM (#64011061)
        The whole private, for-profit prison industry is crooked and whole concept is appalling.
      • by tlhIngan ( 30335 )

        And they really should have been fined to make them change their future behaviour, without adequate 'stick' they're not going to change their practices.

        No, a fine is too easy.

        They should have their monopoly taken away - let any phone company run a prison payphone system.

        That's what will change their system - threaten to let competition in. When the FCC threatened to do it, all the prison phone companies immediately filed lawsuits because they all knew what was at stake.

      • by sjames ( 1099 )

        Their CXOs should be forced to use the company's "service" for their own phones for a few years.

    • The prisons love it because of legal kickbacks from the phone companies. See https://www.prisonphonejustice... [prisonphonejustice.org].

  • Or is it the US of Awfullness?

    You have a "prison phone company" ... seriously?

    Seriously?

    Seriously?

    Seriously?

    • It’s easier to understand if you realize it’s the United States of screw the poors, the rich won’t do time. Plus the BS people are fed from birth that each person needs to accomplish everything on their own which interestingly enough is a very effective divide and conquer strategy employed by the capital ruling class.
  • I'm not from the US so I had to educate myself about what a "prison phone company" is. My main takeaway being: WTF? It's amazing how much of an industry the US correctional facilites are.

Our OS who art in CPU, UNIX be thy name. Thy programs run, thy syscalls done, In kernel as it is in user!

Working...