Data security - Security vulnerability in prison telephony uncovered
At the prison telephone system in several German states, a security vulnerability has been discovered. A spokesperson for Telio Management GmbH (Hamburg) told the German Press Agency on Wednesday that it had been identified and immediately closed. Apart from the hacker who discovered the security breach, no one else had access to the data. There had been no misuse of it.
According to a report by NDR, the telephone system is used in more than 20 prisons in Germany. The Telio spokesperson told the German Press Agency on Wednesday that seven institutions had been affected.
The broadcaster reports that call data from inmates were visible on the internet. "Apparently, more than 14,000 prisoners in Germany were affected," the broadcaster reported. From the data, it was apparent which prisoner had called whom, when, and for how long over the past ten days. The called parties were identified by name and function, such as "wife," "lawyer," or "chaplain," according to the broadcaster.
A spokesperson for the Hamburg Justice Authority confirmed to the German Press Agency that justice detention facilities in Hamburg had also been affected by the data leak. "We have many open questions," he said. "We hold the provider accountable for answering all remaining questions and preventing such incidents in the future."
- to address the security gap in the connection data of the affected telecommunications institutions, the German Justice Authority is demanding stricter data security measures from Telio Management GmbH.
- The discovery of the security vulnerability in the prison telephone system has raised concerns about data security in the telecommunications sector, not just in Germany, but globally.
- The German Press Agency also reported that various institutions in Hamburg, including schools and hospitals, use the same telecommunications provider, raising questions about potential security risks in these areas as well.
- German law enforcement agencies are now working closely with telecommunications institutions and cybersecurity experts to identify and plug any other security gaps, ensuring the protection of sensitive connection data in the future.