The Federal Trade Commission (FTC) announced that prison communications provider Global Tel*Link Corp will now be required to disclose any future data breaches. The announcement comes after FTC charges claiming they failed to secure sensitive data of hundreds of thousands of users stored in a cloud environment and failed to alert all those affected by the incident.
In a complaint, the FTC says that Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing.