Skip navigation
Prison Legal News
× You have 2 more free articles available this month. Subscribe today.

Report: JailCore Left Prisoners’ Data Unprotected Online

Loaded on July 1, 2020 by Matthew Clarke published in Prison Legal News July, 2020, page 48
Filed under: Failure to Protect (General). Location: United States of America.

by Matt Clarke

On February 10, 2020, cybersecurity research team vpnMentor reported the discovery of an unsecured cloud storage server containing data from JailCore, an online management and compliance application used by jails to streamline functions like logging prisoner checks. While some of the information generated is public, other information is potentially sensitive or protected by federal medical information privacy laws.

The vpnMentor team, led by Noam Totem and Ran Locar, discovered the data security breach on January 3, 2020, while conducting a large web-mapping project. What it came upon was a data “bucket” on an Amazon-hosted S3 server that was “completely unsecured and unencrypted,” containing just over 36,000 files generated by JailCore software. Anyone browsing the web who happened upon the right URL could access all of the bucket’s contents.

This included nonpublic logs noting dates and times prisoners used the bathroom, received a meal tray or were given prescription medications, along with the name and dosage of each drug, as well as the name – and sometimes the signature – of the jail staffer administering it. Much of the information is covered by federal medical information privacy protection laws. The files also contained public information on prisoners, such as names, birthdates, and mugshots.

Founded in 2017 and based in Brentwood, Tennessee, JailCore is a subsidiary of CRS Technologies, LLC, which also owns Correctional Risk Services, a provider of medical insurance to jails that covers healthcare services for prisoners and detainees requiring offsite treatment. It was founded in 2004 by Steve Kreal, who still maintains the employee-health benefits company he founded in 1983, Stephen M. Kreal and Associates.

In addition to JailCore’s unencrypted server, vpnMentor was unable to find a privacy policy or terms of service for JailCore, which it called “odd” for technology firm. According to vpnMentor, the exposed information could help a thief steal the identity of a prisoner, and the lack of normal lines of communication would delay a prisoner’s discovery of the theft. The company did not open all the files in the bucket, but those it accessed came from jails in Florida, Kentucky, Missouri, Tennessee, and West Virginia.

The research group first informed JailCore directly about the data breach on January 5, 2020. After JailCore refused to accept disclosure of the findings, vpnMentor informed the Pentagon on January 15, 2020. By the next day, the leaky S3 bucket had been secured.

JailCore issued a belligerent response, claiming that most of the entries in the database were dummy entries used to test it and that only a few logs tracked real prisoners’ medication. It also claimed that prisoners have no privacy rights and—absurdly—are in fact property of the county in which they are jailed.

“These are incarcerated individuals, not free citizens,” read a statement from JailCore founder and CEO D. J. Kreal, who is the son of Steve Kreal. “Meaning the same privacy laws that you and I enjoy, they do not. I would implore you to get all facts straight before writing/publishing anything. You cannot look at this like an example of a private citizen getting certain private information hacked from the cloud. These are incarcerated individuals who are PROPERTY OF THE COUNTY (this is even printed on their uniforms) ... they don’t enjoy our same liberties.”

Of course, jail inmates are not county property, only their uniforms are. Prisoners’ medical records are also protected by the same federal privacy laws that protect free citizens. Further, many are pretrial detainees who have not been convicted of anything and enjoy most of the same rights as those outside of jail.

In April 2020, the younger Kreal announced a new app to help jails assess and track individuals infected with the coronavirus that causes the COVID-19 disease. Kreal said the product “is designed to be extremely intuitive so very few mistakes are made.” 

 

Sources: vice.com, vpnmentor.com, correctionalnews.com, bizjournals.com

As a digital subscriber to Prison Legal News, you can access full text and downloads for this and other premium content.

Subscribe today

Already a subscriber? Login

More from this issue:

  1. Mississippi Prisons in Crisis, by David Reutter
  2. Rappers Jay-Z and Yo Gatti Help Prisoners in Mississippi Sue State Over “Inhumane and Unconstitutional Conditions”, by Bill Barton
  3. From the Editor, by Paul Wright
  4. Florida’s Refusal to Release Prisoners During COVID-19 Resulting in Death Sentences, by David Reutter
  5. Prison Postcards: A Plea from Kentucky and Dispatches from Texas and Massachusetts, by Ken Silverstein
  6. Unlike U.S., Many Governments Releasing Large Numbers of Prisoners to Reduce Threat of COVID-19, by Matthew Clarke
  7. Status of the Pandemic Heading into Summer, by Michael D. Cohen, MD
  8. COVID-19 Pandemic Leads to Unrest in Prisons Around the Globe, by Matthew Clarke
  9. $1 Million Payout to Family of Man Who Died After Seizures in Montana Jail, by Kevin Bliss
  10. Florida Guards and Prisoners Fear COVID-19 Infection, by David Reutter
  11. COVID-19 and the Texas Department of Criminal Justice, by Edward Lyon
  12. The Popularity of YouTube Prison Lifestyle Videos, by Anthony Accurso
  13. Sixth Circuit Vacates Preliminary Injunction Regarding Elkton Prisoner Class Action, by Derek Gilna
  14. Man Sentenced to One Year For Shoplifting Dies In Prison During Pandemic, by Anthony Accurso
  15. L.A. County Sheriff Says Prisoners Intentionally Tried to Catch Coronavirus to Get Released, by Dale Chappell
  16. Secret BOP Document Raises Risk Factors, Security Levels of Prisoners
  17. New York District Court Judge Denies Preliminary Injunction Against MCC Brooklyn, by Derek Gilna
  18. Who’s in SHU? A Survey of Solitary Confinement, by Terry A Kupers
  19. Reports: COVID-19 More Prevalent Than Reported in Nation’s Prisons and Jails, by Kevin Bliss
  20. Warden Reassigned From COVID-19 Inundated Louisiana Federal Prison, by Matthew Clarke
  21. Sale of Clandestine Surveillance Equipment Available to the Government and “Select Clients”, by Kevin Bliss
  22. ACLU Files Lawsuit Against CoreCivic Prison in Arizona over COVID-19 Failures, by Dale Chappell
  23. Michigan Prisoner’s Whistleblowing on GED Test Cheating Survives Summary Judgment, by David Reutter
  24. U.S. Supreme Court Overturns Texas Federal Judge’s Order Granting COVID-19 Relief to Elderly Prisoners, by Matthew Clarke
  25. Alabama Should Release Elder Prisoners at Risk for COVID-19, by Edward Lyon
  26. $1.15 Million Settlement After South Carolina Prisoner’s Baby Born, Dies in Toilet, by Edward Lyon
  27. With Lives of Immigrant Detainees at Risk to COVID-19, Federal Judge Forces ICE’s Hand, by Christopher Zoukis
  28. 11th Circuit Rules Florida Prisoner Claiming Sexual Assault by Guard Can Proceed With Cruel and Unusual Punishment Claim, by David Reutter
  29. Lawsuit Over Conditions at BOP’s New York City Prison Continues as COVID-19 Spreads, by David Reutter
  30. Oklahoma Jail Sued for Mocking Prisoner as He Died, by Dale Chappell
  31. Interview: Alec Karakatsanis of the Civil Rights Corps on Money Bail and Debtors’ Prisons, by Ken Silverstein
  32. Orleans Parish Sheriff, Wellpath, Sued Over Louisiana Jail Prisoner’s Fatal Overdose, by Matthew Clarke
  33. Policy Change Leads to Gang Riot at Utah Prison, by Kevin Bliss
  34. Indiana Prisoner’s Suit Alleging Illegal Solitary Confinement Settled for $425,000, by Douglas Ankney
  35. Pennsylvania Judge Verdict: A Potential Death Sentence for Shoplifting Conviction, by Edward Lyon
  36. Maine Court Rules Prisoner’s Rights Violated by 22 Months in Segregation Without Meaningful Review but Awards No Damages, by Matthew Clarke
  37. New Jersey Jail Detainee Dies While Reportedly Begging for Water, by Douglas Ankney
  38. Report: JailCore Left Prisoners’ Data Unprotected Online, by Matthew Clarke
  39. NaphCare, Oregon Jail’s Private Healthcare Provider, Required to Disclose Records in Detox Death Suit, by Mark Wilson
  40. Federal Court Allows Lawsuit Over Sexual Assault of Female Connecticut Prisoner to Proceed, by Matthew Clarke
  41. Ninth Circuit Announces New Rule on Eighth Amendment Violation Due to Sexual Assault by Montana Prison Staffer, by Dale Chappell
  42. Ninth Circuit Reverses Summary Judgment in California Sexual Harassment Case, by David Reutter
  43. California Court of Appeal Upholds Dismissal of Challenge to Excessive Jail Phone Rates as Unconstitutional Tax, by Matthew Clarke
  44. Ex Post Facto Oregon Parole Postponement Claim Not Cognizable in §2254 Proceeding, by Mark Wilson
  45. High School Journalists Garner National Attention by Exposing School’s Use of Prisoner Labor, by Douglas Ankney
  46. Florida’s “Pay-to-Vote” System Struck Down, by David Reutter
  47. Sexual Assault of Colorado Prisoner Deemed Constitutional Violation; Her Case Can Proceed, by David Reutter
  48. Delaware Changes Prison Health Care Provider Due to Lawsuits Against Prior Contract Holder, by Jayson Hawkins
  49. Oregon Federal Court: 8th and 14th Amendments Mandate Miller Hearing, by Mark Wilson
  50. Texas Attorney General Finds GEO Documents Are Public Information, by Matthew Clarke
  51. Rhode Island Pays $380,419 to Settle Prison Guard Hiring Discrimination Suit, by Matthew Clarke
  52. HRDC Prevails in Censorship Suit Against Kentucky Prison System, Wins $104,711, by David Reutter
  53. Former Prisoners Shut Out of Coronavirus Loans, by Jayson Hawkins
  54. Connecticut City Settles Suit Over Prisoner’s Suicide for $1,393,000, by Matthew Clarke
  55. Former CoreCivic Nurse in Colorado Claims Sex Discrimination, Retaliation After Filing Complaint About Poor Medical Care, by Dale Chappell
  56. COVID-19 Changes the Face of Education in the Nation’s Prison Systems, by Kevin Bliss
  57. Florida Prisoners Win 3.9 Million in Media Credits in MP3 Player Lawsuit, by David Reutter
  58. Prisoners Replace New Orleans Sanitation Workers Striking for Coronavirus Hazard Pay, by Kevin Bliss
  59. News in Brief

More from Matthew Clarke:

More from these topics: