Skip navigation
Prison Legal News
× You have 2 more free articles available this month. Subscribe today.

FTC Orders GTL/ViaPath to Help 650,000 Customers Whose Info Was Stolen, Posted on Dark Web

Loaded on May 1, 2024 by Douglas Ankney published in Prison Legal News May, 2024, page 41
Filed under: Global Tel*Link Corp. Location: United States of America.

by Douglas Ankney

On February 24, 2024, the Federal Trade Commission (FTC) issued its final order requiring prison calling-service provider Global Tel*Link (GTL) “to change its security practices and offer free credit monitoring and identity protection” to some 650,000 customers whose personal information was stolen and made available on the dark web.

The order formalizes an agreement proposed in November 2023, after the firm known since 2022 as ViaPath Technologies and two subsidiaries—Telmate and Touchpay Holdings—“failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing.”

On August 13, 2020, Comparitech security researcher Bob Diachenko informed GTL that a security breach had occurred shortly after the firm and a third-party vendor “copied a large volume of sensitive, unencrypted personal information about nearly 650,000 real users of its products and services” into a publicly available cloud computing platform “but failed to take adequate steps to protect the data,” according to the FTC’s complaint. The data copy was meant to test a new version of software on Amazon’s Web Services cloud platform. But for two days it was “accessible via the internet without password protection or other access controls,” the complaint noted.

The exposed data included text message metadata revealing prisoners’ full names, sex, birthdates, offenses and place of incarceration—even their GTL account balances. Also included were recipients’ full names, email and street addresses, phone numbers, driver’s license numbers and IP addresses. Upon notification, GTL “cut off public access,” the complaint allowed. However, the company was informed just a few weeks later that the data was available on the dark web, yet GTL officials inexcusably waited until May 2021 before notifying any users—and even then notified only 45,000, a fraction of those affected. “This nine-month delay,” the FTC complaint read, “harmed users who did not have an opportunity to take actions to protect themselves from identity theft.” Meanwhile GTL “also repeatedly and falsely claimed in marketing materials following the incident that it had never suffered a data breach.”

The agreement requires GTL/ViaPath to “notify consumers and facilities within 30 days about future data breaches or security incidents that trigger any federal, state, or local breach reporting requirements,” as well as to notify the FTC within 10 days of making such a report. It’s unclear what prisoners are supposed to do during the first 29 days after their personal information is exposed, when they can legally be kept in the dark. As FTC Bureau of Consumer Protection Director Samuel Levine noted, “When consumers have little or no choice about whether to use a business’s products or services, the business has an even greater responsibility to ensure that its practices don’t cause harm.” But then so does FTC in regulating prison profiteers, yet it has set the bar for Viapath fairly low. See: In the Matter of Global Tel*Link Corp., FTC Complaint No. 212-3012 (2023).  

 

Additional sources: Ars Technica, Comparitech

As a digital subscriber to Prison Legal News, you can access full text and downloads for this and other premium content.

Subscribe today

Already a subscriber? Login

Related legal case

In the Matter of Global Tel*Link Corp.

Year2023
CiteFTC Complaint No. 212-3012 (2023)
LevelAdministrative Agency
ConclusionSettlement

More from this issue:

  1. Aramark: Prison Food for Thought
  2. From the Editor, by Paul Wright
  3. Southern California Jail Guard Arrested With 104 Pounds of Fentanyl
  4. Families of New Jersey Jail Suicide Victims Still Waiting for Settlement Payouts
  5. $500,000 Settlement for Colorado Prisoner Forced to Defecate in Bucket for 12 Days, by David Reutter
  6. These Men Fought White Supremacists and Got Sentenced to Over 200 Years, by Victoria Law
  7. Six Deaths in Just Over Six Months at Alabama Jail
  8. Federal Watchdog Slams BOP for Lapses in Epstein Death, Pushes Back Against Rumors It Wasn’t Suicide, by Douglas Ankney
  9. Over 5,000 Prisoners Federally Sentenced Every Month, by Douglas Ankney
  10. Alabama Woman Jailed for “Fetal Endangerment” Sues After She Was Forced to Give Birth Alone in Jail Shower
  11. Former Illinois Prisoner Pursuing PhD After 27 Years of Incarceration
  12. $32,000 Settlement for Failure to Provide Insulin to Diabetic Wisconsin Prisoner
  13. $7,500 Settlement Reached After Georgia Prisoner’s Retaliation Claim Survives Summary Judgment
  14. Autistic Detainee’s Death in Pittsburgh Jail Blamed on “Culture” That Left Him “Punished Instead of Treated”
  15. $6,500 Paid to Illinois Prisoner After Denied Records Request
  16. HIV and Incarcerated People: The Good, the Bad, and the Ugly, by Douglas Ankney
  17. Two West Virginia Jail Guards Plead Guilty in Detainee Death, Six More Charged
  18. $125,000 Settlement for Wisconsin Prisoner’s Claim That Guards Set Him Up For Stabbing, by David Reutter
  19. Escaped Idaho Prisoner Recaptured, Three Accomplices Charged
  20. Class-Action Challenge to Medical Care at Tennessee Jail Results in $3.8 Million Settlement
  21. Prisoner-on-Prisoner Violence at California Prison Leaves One Dead, Another Stabbed
  22. Eighth Circuit Says Lower Court “Tilted the Scales Too Far” for Jailers in Missouri Detainee’s Fatal Overdose, by David Reutter
  23. Arizona Sheriff Accused of Misusing Detainee Funds to Buy Guns, Ammo
  24. Three Texas Prison Guards Among 13 Charged in Sprawling Smuggling Scheme
  25. Fourth Circuit Moves North Carolina Prisons Closer to Recognizing Nation of Gods and Earths, by Matthew Clarke
  26. Washington Superior Court Says Jail Cannot Bill Poor Detainees for Medical Care
  27. Alabama Denied Summary Judgment in Prisoner’s Suit Over Knifepoint Rape, by Matthew Clarke
  28. Fourth Circuit Reinstates HRDC’s RICO Claim Against Securus and ViaPath
  29. Ninth Circuit Refunds Filing Fee to “Struck-Out” California Prisoner Denied Indigent Status Under PLRA, by Matthew Clarke
  30. Pennsylvania Jail Warden Fired, Deputy Warden Resigns After Guard Assaults Detainee
  31. Was There a Plot to Discredit Former Missouri Sheriff Investigating Corruption?, by Douglas Ankney
  32. The Graying of American Prisons
  33. Regarding Death Penalty, Biden’s Actions Don’t Align with His Mouth, by Douglas Ankney
  34. $10 Million Reimbursed for Vacated Washington Drug Possession Convictions, by David Reutter
  35. “Third Time Is Not the Charm” For Texas Jailers Barred by PLRA from Enforcing Prior Settlement Agreement Against Prisoner in New Suit, by Matthew Clarke
  36. Migrants at New Mexico CoreCivic ICE Detention Center Forced to Clean Up Sewage with Bare Hands, by Douglas Ankney
  37. Wyoming Supreme Court Grants Immunity to DOC in Prison COVID-19 Vaccine Mix-Up, by David Reutter
  38. FTC Orders GTL/ViaPath to Help 650,000 Customers Whose Info Was Stolen, Posted on Dark Web, by Douglas Ankney
  39. Three-Year Sentence for One of Four BOP Employees Charged With Ignoring Fatally Ill Federal Prisoner in Virginia
  40. “There you go, Agent Orange!” Former South Carolina Sheriff Federally Indicted for Assaulting Jail Detainee, by Edward Lyon
  41. Dismissal Affirmed of Florida Prisoner’s Claim for Exposure to Human Waste, by David Reutter
  42. Qualified Immunity Denied to Former New Mexico Warden in Prisoner’s Sexual Abuse Claim
  43. HRDC Wins Summary Judgment in North Carolina Prison Censorship Case
  44. Pennsylvania Detainee Found Four Months After Jail Escape, Five Guards Fired
  45. San Diego Jury Deadlocks on Charges Against Jail Doctor in Detainee’s Death, Nurse Acquitted
  46. BOP Guards Plead Guilty in Smuggling Ring at Closed Manhattan Lockup
  47. Legal Noose Tightens Around Necks of CDCR Officials Whose Botched Transfer Sparked San Quentin COVID-19 Outbreak, by Douglas Ankney
  48. Virginia Supreme Court Denies New Sentence Credits to State Prisoner Serving “Mixed” Sentence, by Douglas Ankney
  49. Ohio Supreme Court Orders Records Produced for State Prisoner, by David Reutter
  50. Massachusetts Makes Calls Free From Prisons and Jails
  51. $25.2 Million Settlement for Two Connecticut Prisoners Exonerated After 35 Years, by David Reutter
  52. Seventh Circuit Lets Illinois Prisoner Proceed In Forma Pauperis, Despite Trust Account Balance Exceeding Filing Fee, by Douglas Ankney
  53. Eighth Circuit Upholds Key Parts of Missouri Parole Reform
  54. BOP Rolls Out Veterans-Only Housing at Federal Prison in Texas
  55. Second Circuit Grants New York Officials Qualified Immunity for Prisoner’s Stolen Sentence Credits, by David Reutter
  56. BOP Shrugs Off Month-Long Leavenworth Lockdown
  57. $15,000 to Virginia Prisoner Mauled by DOC K-9, by Matthew Clarke
  58. California Law Extends Involuntary Commitment and Detention to Substance Abusers
  59. “Sugar Daddy” Pennsylvania Constable Accused of Recruiting “Sugar Babies” at Jail
  60. West Virginia Supreme Court Orders Prison Officials to Develop Good-Time Credit Policy, by David Reutter
  61. North Carolinian Left in Jail Awaiting Trial for 11 Years
  62. Sentencing Project Proposes Remedies for Racial Disparities Behind Bars
  63. Ninth Circuit Affirms Class Action Consent Decree at California’s Alameda County Jail, by David Reutter
  64. Fired Alabama Guard Reinstated Despite Excessive Force Used on Prisoner Who Died, by David Reutter
  65. News in Brief

More from Douglas Ankney:

More from these topics: