In an email, Global Tel Link blamed “the actions of one of our vendors” for the exposed data. “This vulnerability was swiftly corrected, the data security system was immediately supplemented with the assistance of third-party consultants, and we continue to work closely with law enforcement authorities as we conduct further inquiry into this incident,” the company added. “Based on the current facts of the investigation, no medical data, passwords, or consumer payment information were affected.
Later in the month Gizmodo notified Guardian’s developers about a misconfigured Amazon S3 Bucket they had used for testing their Getting Out software. “GTL ( Global Tel Link ) has a long history of overcharging loved ones of incarcerated people for phone services” James Kilgore, director of Media Justice’s Challenging E-Carceration project, said in an email. “Their ventures into GPS tracking both add illicit funds to their revenue stream and extend the boundaries of e-carceration, the use of technology to deprive people of their liberty.
While Global Tel Link isolated and secured the leak the day that Diachenko discovered the database, it is unknown how long the data had been sitting unsecured. ”At the core of all these exposures lies a human mistake,” Diachenko said in a video call interview. “Amazon, Microsoft, Elastic, Mongo, have all introduced pretty strict security policies that make customer data private by default.