HomeWAV

HomeWAV opened a dashboard for one of its databases to the internet without a password, allowing anyone to read, browse, and search the call records and transcriptions of calls between convicts and their friends and family.

The transcriptions also included the caller's phone number, the name of the inmate who made the call, and the call's duration.

After learning of the incident, HomeWAV turned down the system.

One of their third-party providers has acknowledged that they unintentionally removed the password, allowing access to the server.

Source: https://techcrunch.com/2020/10/10/prison-visitation-homewav-leak/

"id": "HOM83119523",
"linkid": "homewav",
"type": "Breach",
"date": "10/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"