FTC Finalizes Order Against Prison Communications Provider for Data Breach

Federal Trade Commission

WASHINGTON, D.C. — The Federal Trade Commission (FTC) has finalized an order against Global Tel*Link Corp., a prison communications provider, and two of its subsidiaries. The FTC charges that the companies failed to secure sensitive data of hundreds of thousands of users and did not adequately alert those affected by the data breach.

In November 2023, the FTC first announced its complaint against Virginia-based Global Tel*Link and its subsidiaries. The FTC alleges that the companies failed to implement adequate security safeguards to protect sensitive personal information they collected from users. This alleged negligence allowed malicious actors to access unencrypted personal information stored in the cloud and used for testing purposes.

The FTC also found that Global Tel*Link waited approximately nine months to notify affected customers of the breach. Even then, the company only contacted 45,000 users, despite the fact that the breach may have affected hundreds of thousands more. This lack of timely and comprehensive notification left many customers unaware that their personal data may have been compromised.

Under the FTC’s order, Global Tel*Link and its two subsidiaries are now prohibited from misrepresenting their data security practices. They are required to implement a comprehensive data security program. This program must include several measures, such as deploying “change management” mechanisms to all systems to reduce the risk of human error, using multifactor authentication, and establishing procedures to minimize the amount of data they collect and store.

The order also mandates that Global TelLink notify users affected by the data breach who did not previously receive notice. The company must provide these users with credit monitoring and identity protection products. Furthermore, Global TelLink and its subsidiaries are obligated to notify users of future security incidents that trigger any federal, state, or local breach reporting requirements.

READ:  FTC Finalizes Order Against Marriott and Starwood Over Data Breaches

The FTC’s decision to finalize this order came after receiving one comment on the proposed order. The Commission voted unanimously (3-0) to finalize the complaint and order and to approve a response to the commenter.

For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.