RemoteCOM

RemoteCOM, a company specializing in spyware (SCOUT) for monitoring individuals on parole and probation, suffered a data breach where highly sensitive information was leaked to a cybercrime forum. The exposed data included personal details of over 800 probation supervisors (names, emails, phone numbers, work addresses) and 6,896 criminal-justice system employees, as well as 14,000 monitored offenders (names, home addresses, IP addresses, probation officer contacts, and offense histories). Additionally, internal documents revealed SCOUT’s invasive capabilities—keylogging, screenshot capture, website blocking, and keyword-based alerts—along with financial records showing installation fees ($30–$50 per device) and monthly monitoring charges ($35). The breach also exposed discussions about mandatory spyware installation on devices of offenders’ associates (e.g., family members). The hacker, 'wikkid,' claimed the intrusion was effortless, while RemoteCOM failed to respond to breach notifications. The leak raises critical concerns about the security of government-contracted surveillance tools and the vulnerability of sensitive data for both law enforcement and monitored individuals.

Source: https://san.com/cc/company-that-sells-spyware-for-monitoring-sex-offenders-hacked/

TPRM report: https://www.rankiteo.com/company/remotecom

"id": "rem5292652092625",
"linkid": "remotecom",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': ['6,896 criminal-justice '
                                               'employees (probation officers, '
                                               'supervisors)',
                                               'Nearly 14,000 monitored '
                                               'individuals (parolees, '
                                               'probationers)',
                                               '800+ probation supervisors '
                                               '(contact details exposed)',
                                               '80+ current/former RemoteCOM '
                                               'employees'],
                        'industry': 'Criminal Justice Technology / Spyware '
                                    'Monitoring',
                        'location': 'United States (services used in 49 '
                                    'states)',
                        'name': 'RemoteCOM',
                        'type': 'Private Company'},
                       {'industry': 'Law Enforcement / Criminal Justice',
                        'location': 'United States',
                        'name': 'U.S. Corrections System (49 states)',
                        'type': 'Government Agencies'}],
 'data_breach': {'data_exfiltration': 'Yes (leaked to cybercrime forum)',
                 'file_types_exposed': ['CSV/Excel (officer/client lists)',
                                        'PDF (training manuals)',
                                        'Text/Log files (alerts)',
                                        'Internal documents'],
                 'number_of_records_exposed': ['6,896 (criminal-justice '
                                               'employees)',
                                               '14,000 (monitored individuals)',
                                               '380,000+ (alerts)',
                                               '800+ (probation supervisors)',
                                               '80+ (RemoteCOM employees)'],
                 'personally_identifiable_information': ['Names',
                                                         'Email addresses',
                                                         'Phone numbers',
                                                         'Home/work addresses',
                                                         'Unique IDs',
                                                         'IP addresses',
                                                         'Job titles',
                                                         'Criminal charge '
                                                         'histories'],
                 'sensitivity_of_data': 'Extremely High (includes government '
                                        'employee data, offender monitoring '
                                        'details, and spyware capabilities)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Employment Records',
                                              'Monitoring Alerts',
                                              'Internal Training Manuals',
                                              'Financial Transaction Details '
                                              '(installation fees)',
                                              'Criminal Charge Histories',
                                              'Device Activity Logs '
                                              '(keystrokes, screenshots, '
                                              'chats)']},
 'description': 'A company that sells spyware (RemoteCOM) used to monitor '
                'individuals on parole and probation had its data leaked to a '
                'cybercrime forum. The breach exposed highly sensitive '
                'information regarding employees of the corrections system and '
                'individuals under court-ordered supervision, including '
                'personal details, monitoring alerts, and internal training '
                "manuals. The hacker, known as 'wikkid,' claimed the intrusion "
                'was one of the easiest they had ever carried out. RemoteCOM '
                'did not respond to notifications about the breach.',
 'impact': {'brand_reputation_impact': ['Severe damage due to exposure of '
                                        'sensitive government-contracted data',
                                        'Criticism from security experts '
                                        '(e.g., Eva Galperin, EFF)'],
            'data_compromised': ['Personal information of 6,896 '
                                 'criminal-justice employees (names, phone '
                                 'numbers, work addresses, emails, unique IDs, '
                                 'job titles)',
                                 'Identifying information of nearly 14,000 '
                                 'monitored individuals (names, email '
                                 'addresses, IP addresses, home addresses, '
                                 'phone numbers, probation officer details)',
                                 '380,000+ alerts sent to probation officers '
                                 "(including keyword triggers like 'Nazi' or "
                                 "'sex')",
                                 'Training manual for SCOUT spyware '
                                 '(capabilities: keystroke logging, email/chat '
                                 'monitoring, location tracking, screenshot '
                                 'capture, website blocking, keyword alerts)',
                                 'Internal documents (e.g., informational '
                                 'handouts on SCOUT installation fees: $50 per '
                                 'computer, $30 per phone, $35/month '
                                 'monitoring)',
                                 "Labels for 'tech-savvy' offenders",
                                 "Details on offenders' charges (sex offenses, "
                                 'weapons, terrorism, narcotics, stalking, '
                                 'domestic violence, sex trafficking, fraud, '
                                 'violence, hacking)'],
            'identity_theft_risk': ['High (for both offenders and justice '
                                    'system employees)',
                                    'Exposed PII could be used for phishing, '
                                    'fraud, or harassment'],
            'legal_liabilities': ['Potential lawsuits from affected '
                                  'individuals (parolees, probation officers)',
                                  'Violation of government contract terms'],
            'operational_impact': ['Potential disruption to parole/probation '
                                   'monitoring',
                                   "Loss of trust in RemoteCOM's security "
                                   'practices'],
            'systems_affected': ['RemoteCOM internal databases',
                                 'SCOUT spyware management system']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Likely (hacker shared '
                                                    'data with SAN; typical '
                                                    'behavior for such '
                                                    'breaches)',
                           'high_value_targets': ['Employee databases',
                                                  'SCOUT spyware management '
                                                  'system',
                                                  'Monitoring alerts']},
 'investigation_status': 'No official investigation announced; breach reported '
                         'by media (SAN)',
 'lessons_learned': ['Companies handling highly sensitive '
                     'government-contracted data must implement robust access '
                     'controls and monitoring.',
                     'Spyware vendors are high-value targets for hackers due '
                     'to the nature of their data.',
                     'Lack of incident response planning can exacerbate '
                     "breaches (e.g., RemoteCOM's non-response).",
                     'Third-party audits and penetration testing are critical '
                     'for organizations managing surveillance technologies.',
                     'Transparency with affected parties (e.g., probation '
                     'officers, parolees) is essential to mitigate harm.'],
 'motivation': ['Financial Gain (likely, given data sold on dark web)',
                'Activism/Exposure',
                "Unknown (hacker described it as 'easy')"],
 'post_incident_analysis': {'root_causes': ['Inadequate security controls '
                                            '(hacker described breach as '
                                            "'easy')",
                                            'Lack of incident response '
                                            'preparedness',
                                            'Potential insider threats or '
                                            'unpatched vulnerabilities',
                                            'Failure to monitor dark web for '
                                            'leaked credentials/data']},
 'recommendations': ['Conduct a forensic investigation to determine the '
                     "breach's root cause.",
                     'Implement multi-factor authentication (MFA) and '
                     'zero-trust architecture.',
                     'Notify all affected individuals and provide credit '
                     'monitoring/identity theft protection.',
                     'Review and update data encryption practices for stored '
                     'and transmitted data.',
                     'Establish a 24/7 incident response team and clear '
                     'communication protocols.',
                     'Collaborate with law enforcement to track the leaked '
                     'data and mitigate dark web sales.',
                     'Assess compliance with CJIS, CCPA, and other relevant '
                     'regulations.',
                     'Evaluate the ethical implications of mass surveillance '
                     'tools like SCOUT.'],
 'references': [{'source': 'Straight Arrow News (SAN)'},
                {'source': 'Electronic Frontier Foundation (EFF) - Eva '
                           'Galperin'},
                {'source': 'Reddit (sex offender support group discussions on '
                           'SCOUT)'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violations of '
                                                    'state/federal data '
                                                    'protection laws (e.g., '
                                                    'CCPA, GDPR if applicable)',
                                                    'Government contract '
                                                    'compliance failures '
                                                    '(e.g., CJIS Security '
                                                    'Policy for criminal '
                                                    'justice data)',
                                                    'Possible HIPAA violations '
                                                    'if health-related data '
                                                    '(e.g., mental health '
                                                    'records) was exposed']},
 'response': {'incident_response_plan_activated': 'No (company did not respond '
                                                  'to breach notification)'},
 'threat_actor': {'alias': 'wikkid', 'type': 'Hacker/Individual'},
 'title': 'RemoteCOM Data Leak Exposes Sensitive Information on Parolees and '
          'Probation Officers',
 'type': ['Data Breach', 'Unauthorized Disclosure']}