Securus is known for allegedly helping prisons violate Sixth Amendment protections by recording "at least" 14,000 phone calls between inmates and lawyers. There was also a report at The New York Times that a former sheriff in Mississippi County used the service to track cellphones, including those of other officers, without court orders. Now, an unidentified hacker has apparently provided Motherboard data from Securus, which includes usernames and "poorly secured" passwords for thousands of the company's customers in law enforcement.
The concern here is that any malicious entity could use these logins to access the location of any of the phones tracked by the company. Motherboard reports that the hacker sent several internal company files, including a spreadsheet marked "police," which contained 2,800 user names, email addresses, phone numbers, hashed passwords and security challenge questions. The data is apparently from 2011 forward, and includes information from sheriff departments and city police from places including Minneapolis, Phoenix, Indianapolis and more. We've reached out to Securus for comment and will update this post if we hear back.
- This article originally appeared on Engadget.