A hacker appears to have successfully broken into the servers of Securus, a company that offers powerful tool for tracking civilians and monitoring inmates to law enforcement departments across the country. During the breach, the hacker was able to access the login information of thousands of Securus’ clients and provided part of the stolen data to Motherboard, where journalists were able to verify the authenticity of credentials using the site’s password recovery option.
Commentary from the following security expert:
Tim Erlin, VP at Tripwire:
This breach is another example of how supply-chain partners can impact your risk posture. There’s a high likelihood that the credentials used by law enforcement for their Securus login are also used in other places by the same individuals. That means the accessed data is valuable not only as standard ‘personal data,’ but potentially for access to law enforcement services.