Guest Post: NordVPN Highlights That The Securus Data Breach Shows Data Collected by Government Can Be Easily Exposed

Securus, a company that buys up smartphone location data of private citizens and sells it to law enforcement, was just hacked. According to Motherboard, the hacker had gained access to the account information of thousands of law enforcement officials who were using the servicer to track phones.

Before the hack, cybersecurity researcher Robert Xiao discovered an exploit where Securus’ free demo could be used to discover a cell phone’s exact location without even logging in. Anyone, anytime, for any reason, could use their platform to track someone’s exact location.

Securus bought the data from LocationSmart, a company that collects location data from telecoms and sells it to third parties – anybody willing to track someone’s location.

In addition to tracking private citizens, Securus was using the data in other questionable ways. For example, a former sheriff of Mississippi County, Missouri, Cory Hutcheson, used the service to track local judges and other law enforcement officials.

“Many companies are not doing enough to secure sensitive user data. The governmental methods of data collection cannot be trusted either,” said Marty P. Kamden, CMO of NordVPN. “As we have seen with Securus, its cybersecurity was so fragile that the company was hacked less than a week after the existence of its legally questionable and unethical service was exposed. When government hires private companies like Securus, millions of private user data can get stolen, hacked or sold. Collecting data and tracking people can always backfire since this data is handled by other people, who can make mistakes.”

In the documents provided to Motherboard, the hacker proved that they had accessed the login information of prison wardens, administrators, correctional officers, and other law enforcement officials. They also indicated that the hack was “relatively simple,” though no further details have been published.


How to protect one’s privacy?

There’s no way to prevent one’s phone from being tracked while also remaining connected to a network capable of receiving and making phone calls. If phone calls are not necessary, a user can turn their phone off or turn an airplane mode on.

Turning off one’s location settings will make it harder to discover one’s location, but not impossible. To maintain a constant connection, modern phones always try to stay connected to at least three cell phone towers, which allows mobile network operators(and, by extension, the government) to triangulate one’s approximate location to varying degrees of accuracy.

Besides protecting one’s location, those who use the Internet should make sure they use an encryption method to protect their online activity. VPNs help encrypt the information between a user’s computer and VPN server and make it invisible to third parties.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: