Ransomware Attack on GEO Group Exposes Sensitive Information
by Matt Clarke
On November 3, 2020, the GEO Group, one of the largest private prison companies in the nation, revealed that it had suffered a ransomware attack in August of that year that exposed sensitive personal information of employees, immigrant detainees and prisoners.
GEO said it was sending data-breach notification letters to all affected individuals, but the company was unaware of any fraud or misuse of the information.
GEO owns or operates 123 facilities with a total of around 93,000 beds and about 23,000 employees in the U.S., U.K. and South Africa.
In a ransomware attack, criminal hackers penetrate a computer system and encrypt vital data. The system’s user is then offered the encryption key in exchange for payment, generally using Bitcoin or another cryptocurrency.
The ransomware attack on GEO compromised data for prisoners at South Bay Correctional and Rehabilitation Facility in Florida, a Pennsylvania youth facility and a now-closed facility in California, as well as employee data on two corporate servers.
The data include medical treatment information, which is private under federal law, and information that could be used in identity theft such as name, date of birth, and Social Security number. GEO worked with law enforcement and cybersecurity firms to investigate the attack.
In a document filed with the U.S. Securities and Exchange Commission, GEO said it was able to recover “critical operating data,” but did not explain whether this involved paying a ransom or the use of backup files. Also unexplained was why GEO waited 76 days to inform people that their data had been compromised.
Sources: eandt.thejet.org, dataprivacyandsecurityinsider.com
As a digital subscriber to Prison Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login
More from this issue:
- Jail Suicides in Massachusetts Point to National Crisis: Challenging Legislatures to Say Not One More, by Jennifer Honig
- Government Refuses to Follow Federal Court’s Discovery Order After Being Caught Recording Attorney Meetings with Prisoners at Leavenworth, by Dale Chappell
- From the Editor, by Paul Wright
- Mississippi Joins Illinois and Few Other States Prioritizing Vaccination of State Prisoners to Slow Spread of COVID-19, by Derek Gilna
- Pandemic Medical Update: “Herd Immunity” at Prisons?, by Michael D. Cohen, MD
- Texas Winter Storm Freezes Plumbing, Power and Prisoners, by Matthew Clarke
- Massachusetts Governor Ends Good Time Offer for Prisoners Taking COVID-19 Vaccine, by David Reutter
- Connecticut Lawmakers Refuse to Address Corrections Issues During Pandemic, by Anthony Accurso
- Confidential Settlement in Case Involving Alleged Pattern of Racist Misconduct in Michigan Prisons, by Casey Bastian
- California Trans Women Struggle For Protection Under Prison Rape Elimination Act, by Edward Lyon
- Oklahoma Prisoners Call for Better Nutrition, by Kevin Bliss
- Florida Jail Administrators Fired After Woman Gives Birth in Cell, by Daniel A. Rosen
- Holiday Cards for Prisoners: Let’s End Collective Punishment in U.S. Prisons, by Sandy Rozek
- Virginia Settles Two Lawsuits Over Misuse of Solitary Confinement, by Daniel A. Rosen
- COVID-19 Inspired Ban on Prison Visits in Texas Ends, by Chad Marks
- Activist, Political Prisoner, and Journalist Mumia Abu-Jamal Diagnosed With COVID-19, Energizing Calls for His Release, by Juliette LaMarr
- COVID-19 Pandemic Makes Job Hunting Especially Difficult for Ex-Offenders, by Kevin Bliss
- U.S. Sues Alabama Over Prison Conditions, by David Reutter
- Florida Prison Guard Indicted in Prisoner Death by Blunt Force Trauma, by David Reutter
- Michigan Begins Video Visits During Coronavirus Pandemic, by David Reutter
- Hawaii Fails to Provide Video of Two Prison Disturbances, by Edward Lyon
- California Prison Factories Fined For Exposing Unwitting Workers to COVID-19, by Mark Wilson
- Sixth Circuit Upholds Prisoner’s 18 U.S.C. § 111 Conviction for Assaulting Federally Contracted Private Prison Guard, by Matthew Clarke
- "Conservative New York County Enacts Progressive Transgender Prisoner Policy", by Mark Wilson
- COVID-19 Depletes State Prison Staffs Nationwide, Forcing Consolidation of Facilities and Increasing Risk to All, by Derek Gilna
- After 36 Years in a Louisiana Prison for a Rape He Didn’t Commit, Archie Williams Wins Freedom — and a TV Show Spotlight, by Casey Bastian
- COVID-19 Continues Rampage Through Pennsylvania State Prisons, by Derek Gilna
- $105,000 Settlement in Wisconsin Prisoner’s Excessive Force Claim, by David Reutter
- Alabama Jails and Prisoners Swamped With COVID-Related Problems, by Daniel A. Rosen
- How States Exclude People With Criminal Records From Jury Service, by Dale Chappell
- Study Shows Misaligned Economic Incentives Fuel Mass Incarceration, by Matthew Clarke
- California Enacts Legislation Strengthening Protections for LGBTQ Prisoners, by Matthew Clarke
- Baltimore Demolishes Maryland’s Oldest Penitentiary, Burying Its Nostalgia And Nightmares, by Michael Fortino, Ph.D
- Books: “Let The Lord Sort Them: The Rise and Fall of the Death Penalty”, by Robert Dunham
- Florida Senator Wants to Keep Ex-Prisoners from Earning the $15 Minimum Wage Increase, by Kevin Bliss
- Former Prisoner Becomes Activist for LBGTQ Rights in California Prisons
- Parnall Correctional Facility in Michigan Copes with Scabies Outbreak, by Kevin Bliss
- Fourth Circuit: Deaf North Carolina Prisoner Should be Allowed Direct Videophone Calls to Communicate with Deaf Community, by David Reutter
- People in jails are using more phone minutes during the COVID-19 pandemic, despite decreased jail populations, by Andrea Fenster
- Ransomware Attack on GEO Group Exposes Sensitive Information, by Matthew Clarke
- Hundreds of Virginia Inmates Await Parole Consideration Under New Law, by Daniel A. Rosen
- Colorado’s Governor Bows to Pressure in Denying State Prisoners Priority COVID-19 Vaccinations, by Derek Gilna
- More Than 40 Immigrants Have Died in ICE Custody, by Anthony Accurso
- Experts Divided on Drug Court Effectiveness, by Kevin Bliss
- Secrecy Surrounded Flurry of Late-Term Federal Executions Under Donald Trump, by Derek Gilna
- New Advocacy Group for New Mexico Prisoners Created, by Dale Chappell
- Vermont Prisoner’s Death Under Investigation: Did Implicit Bias Play Role?, by Kevin Bliss
- News in Brief
More from Matthew Clarke:
- Sixth Circuit Announces Due Process Right to ‘Prompt’ Post-Seizure Hearing While Government Deciding Whether to Initiate Forfeiture Proceedings and Holds Wayne County’s Vehicle Forfeiture Program Violates Due Process, Feb. 15, 2024
- Indiana Supreme Court Announces Civil Forfeiture Triggers Right to Jury Trial, Feb. 15, 2024
- Car Culture Dramatically Increases Number of Cop Confrontations, Feb. 15, 2024
- Ohio Prisoner Wins $2,000 Settlement for Guard Abuse Claims, Loses Appeal to Uncover Identity of Prison Officials Who Negotiated It, Feb. 1, 2024
- Tenth Circuit: No Qualified Immunity for Oklahoma Jail Guard Who Kneed Handcuffed Prisoner’s Face, Feb. 1, 2024
- DOJ Concludes BOP Pretrial Detainees Need Improvements in Access to Attorneys, Feb. 1, 2024
- Virginia Sheriff Indicted for Selling Auxiliary Deputy Sheriff Credentials, Feb. 1, 2024
- Seventh Circuit Reinstates Claim of Illinois Prisoner Held 18 Months After Release for Refusing to Sign Incomplete Form, Feb. 1, 2024
- San Diego County Jail Accused of Letting Mentally Ill Detainee Starve to Death, Feb. 1, 2024
- Michigan Supreme Court: DOC Owes Attorney Fees in Public Records Case Even if Plaintiff Is Represented Pro Bono, Feb. 1, 2024
More from these topics:
- No Data to Prove Whether $600-Million California Parole Effort Worked, Feb. 1, 2024. GEO Group/Wackenhut, Probation, Parole & Supervised Release.
- See No Evil, Hear No Evil, Treat No Evil: Centurion and the Curse of For-Profit Prison Healthcare, Jan. 1, 2024. MHM Inc., Corizon, Centurion, Misconduct/Corruption, Contractor Misconduct, Government Misconduct, Retaliation, Systemic Medical Neglect, Cancer, Private Contractors, Frivolous Litigation, Disclosure of Records, Declaratory Judgment, Public Records, Medical Neglect/Malpractice, PLN Litigation, Censorship, Articles About PLN, Public Records Act, Freedom of Information Act (FOIA), HRDC Litigation.
- How “Big Capital” Learned to Love Mass Incarceration, Jan. 1, 2024. Private Prisons, Corrections Corporation of America/CoreCivic, GEO Group/Wackenhut, Corizon, JPay, Inc., Centurion, Commentary/Reviews, Lobbying, Securus.
- After Spate of Deaths, Vermont Contracts Prisoner Healthcare to Wellpath – Again, Nov. 15, 2023. Private Contractors, Medical Neglect/Malpractice.
- Wellpath Sanctioned for Discovery Violations After Stonewalling in Prisoner Lawsuits, Aug. 15, 2023. Private Contractors, Brady Rule violations, Discovery and Inspection.
- Wellpath Subsidiary Out of Australian Women’s Prison After Indigenous Prisoner’s Death, June 15, 2023. Private Contractors, Medical Neglect/Malpractice.
- Federal Courts Throw Out Smart Communications’ Mail-Scanning Patent, June 15, 2023. Private Contractors, Prison Mail.
- Almost $42,500 Awarded to Illinois Prisoner for Denial of Physical Therapy by Wellpath Nurse, June 15, 2023. Private Contractors, Failure to Treat, Settlements.
- Second Hunger Strike Met With Pepper Spray at Washington GEO Group Lockup Where ICE Detainees Allege Widespread Sexual Abuse, March 1, 2023. Staff-Prisoner Assault, GEO Group/Wackenhut, Hunger Strikes, Pepper Spray/Tear Gas.
- $3 Million From Forsyth County, No Stay in Civil Case Against Wellpath Nurse Indicted for Involuntary Manslaughter of N.C. Jail Detainee, Jan. 1, 2023. Private Contractors, Settlements, Medical Neglect/Malpractice.