A significant data breach has compromised the personal information of nearly 14,000 people under court supervision, along with contact information for thousands of criminal justice employees. The breach targeted RemoteCOM, a company that provides monitoring services for people on pretrial, probation, and parole in 49 US states. The incident, which was first reported by Straight Arrow News (SAN), has raised serious concerns about the security of highly sensitive surveillance data.
The software at the center of the controversy is SCOUT, a proprietary surveillance application that RemoteCOM advertises as a “premier” client management service. According to a leaked RemoteCOM training manual, the software is used to track individuals for a wide range of offenses, including narcotics, fraud, and domestic violence. Despite its stated purpose, SCOUT functions as aggressive spyware by secretly recording keystrokes, taking screenshots, tracking location, and automatically sending alerts to probation officers if an individual types certain keywords.
An informational handout found in the leak exposed the financial burden placed on offenders: a $50 installation fee for every computer, a $30 fee for phone installations, and a recurring $35 monthly monitoring fee per device. The records also specifically labeled offenders believed to be “tech savvy.” According to SAN’s report, the hacker, known as “wikkid,” claimed the breach against RemoteCOM was the “easiest” one. The leaked information was divided into two key files. The “Clients” file contained approximately 14,000 records, including the names, home addresses, phone numbers, email addresses, and IP addresses of individuals monitored by SCOUT, along with their specific charges. The data was extremely personal, with one record showing the SCOUT application had even been installed on a client’s sister-in-law and fiance’s phones. The file also contained over 380,000 activity alerts sent to officers, some flagging keywords like “Nazi” or “sex,” revealing the invasive nature of the surveillance.
The “Officers” file, with 6,896 entries, exposed the names, job titles, phone numbers, work addresses, and email addresses for law enforcement personnel who use the service. The data leak poses substantial dangers for both the monitored individuals and the officers. For the people being monitored, the exposure of their personal details and offense categories makes them potential targets, even though not every client listed is a convicted offender. Some may be suspects or awaiting trial. For the officers and justice system staff, the leak of their contact and workplace information exposes them and their families to threats.
RemoteCOM released a short statement to SAN, confirming they are “assessing the situation currently.” This is a developing story.
Reference:
