Hackers compromise 70 million prison inmate phone records | SC Media
Strategy, Threat intelligence

Hackers compromise 70 million prison inmate phone records

November 11, 2015

An estimated 70 million phone calls made by prisoners in the United States have been hacked and leaked to The Intercept.

An anonymous hacker grabbed the files from Securus Technologies, which supplies phone services for prisons and jails across the United States. The batch unveiled contains recorded calls made between December 2011 and December 2014 in facilities located in 37 states and stored on Securus's servers. The information was released via SecureDrop, a secure server set up by The Intercept for people to make anonymous data drops.

The Intercept is claiming that about 14,000 of the recorded calls were between lawyers and inmates and hinted that the recordings broke attorney-client privilege. The website was co-founded by Glenn Greenwald.

"Securus is contacting law enforcement agencies in the investigation into media reports that inmate call records were leaked online.  Although this investigation is ongoing, we have seen no evidence that records were shared as a result of a technology breach or hack into our systems.  Instead, at this preliminary stage, evidence suggests that an individual or individuals with authorized access to a limited set of records may have used that access to inappropriately share those records," Securus said in a statement.

Industry analysts are questioning the need to store such a large amount of information noting that the longer content is stored the greater the chance it could be compromised.

“Technology allows us to gather huge amounts of data, but there's dwindling value in storing that data if it's never analyzed and it may present a significant liability. It's important, in any data gathering process, to place the value on the eventual objective, and to dispose of data as quickly as possible while meeting that objective,” Tim Erlin, director of IT security and risk strategy for Tripwire, told SCMagazine Wednesday in an email correspondence.

A request for additional information from Securus Technologies by SCMagazine.com has not been returned.

For additional reporting please see: Securus prison phone call data breach raises privacy, supply chain questions
prestitial ad