An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails.
The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014.
Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recorded conversations between inmates and attorneys, a strong indication that at least some of the recordings are likely confidential and privileged legal communications — calls that never should have been recorded in the first place.
https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/
Mark James, Security Specialist at IT Security Firm, ESET: “Of course the problem we have here is how the data was compromised. If it was encrypted and someone with the authority to view or access it in the first place was able to make copies and or move this data off site, then the question should be why was the data not segregated off and stored with multi factor access or even digitally encoded for tracing purposes? If the data was not encrypted and it was accessed by someone who managed to compromise the system, then of course why it was not encrypted is the big question.
Quite often in these cases the storing of this data is governed by general rules to protect data as a whole and sadly not all data is equal. Some data needs to be protected differently than others, the data is now “in the wild” and nothing can be done about that. Securous will have to deal with the backlash of that and look at measures to protect the storage of future data in an attempt to stop this from happening again. In these circumstances access to this data could have massive repercussions due to the nature of the content and it should have been better protected.”