FTC Settles Data Breach Case with Global Tel*Link Corp Over Unprotected User Data Leak

The US Federal Trade Commission (FTC) recently disclosed a settlement with Global Tel*Link Corp, encompassing two subsidiaries, Telmate and TouchPay Holdings, over a significant data breach exposing sensitive information of its users, including those incarcerated. The breach led to leaked data on the dark web and instances of identity abuse and fraudulent credit card charges.

The incident traces back to mid-2020 when the company, aiming to test a new search software product, transferred a database containing entries on 650,000 actual users to an Amazon Web Services (AWS) test environment. Shockingly, this data remained unprotected for approximately two days, lacking password protection or any form of control.

Following a security researcher’s notification regarding the exposed database, Global Tel*Link secured the files. Unfortunately, the compromised data swiftly surfaced on a dark web forum, containing a trove of personal details capable of facilitating identity theft, phishing, and wire fraud.

The leaked information encompassed comprehensive user data: full names, dates of birth, phone numbers, email addresses or usernames paired with passwords, addresses, driver’s license and passport numbers, location details, and sensitive descriptors including race, religion, and transgender status. Moreover, it comprised approximately 80,000 grievances filed by incarcerated consumers, alongside details of about 75,000 written messages exchanged among incarcerated and non-incarcerated users via Global Tel*Link’s services. Alarmingly, these messages contained payment card numbers, financial account details, and Social Security numbers in numerous instances.

Furthermore, despite consumer complaints and instances of fraudulent credit card transactions, the company falsely claimed it had never experienced a breach. The notification delay compounded the issue, with a mere 45,000 individuals being notified nine months post-incident.

Global Tel*Link Corp settled with the FTC, committing to bolstering security protocols and offering affected users free credit monitoring and identity protection. Notably, the settlement does not include fines.

ALL LATEST
- Advertisment -ad

Most Popular