DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Professional Probation Services leak exposed almost half a million probationers’ personal info

Posted on November 6, 2024 by Dissent

If you say you always do right, then you should do right, right?

Ouch. Over on infosec.exchange, @Jayeltee recently wrote:

Professional Probation Services ( www.ppsfamily.com ) exposes almost 500,000 US probationers private data publicly, SSNs included, and when I ask them for their intentions regarding disclosure, they go into hiding mode, removing their management and Our companies contact page.

Read more about the exposed data from the company who, according to them, has “A corporate culture of knowing right from wrong, and doing right- every time.”

So DataBreaches did read more on JayeLTee’s substack.

One of the exposed databases, called “Probationers,” contained 467,383 entries with the following fields:

ProbID, CourtID, OfficeID, SentenceDate, ProbationDate, ProbationExpires, TermMonths, ProbationTypeID, JudgeID, PO, ProbFeePerMonth, VCFFeePerMonth, StatusCurrent, FName, MName, LName, Suffix, Sex, Hair, Eyes, Height, Weight, DOB, Race, SSN, PhoneCell, PhoneHome, EMail, EnteredBy, EnterDate, PhyStreet, PhyStreet2, PhyCity, PhyState, PhyZip, MailStreet, MailStreet2, MailCity, MailState, MailZip, Employer, EmployerLocation, EmployerPhone, ReportType, DL, DLState, CLP_ProbID, EarlyTerm, ModifyBy, ModifyDate, GPMID, FirstOffender, ConditionalDischarge, DrugCourt, DUICourt, ConvDocket, PrimaryCase, HoldAndClear, FinancialNote, TollDaysRemaining, TolledWarrantOrigExpireDate, PleaInAbeyance, PostIT, DoNotText, MinMonthlyPmt, PayByDate, RandomDrugTests, RandomDrugInterval, RandomDrugTexting, DoNotClose, OfficeSatelliteID, CareCourt, VetCourt, NeedsProbUpdate, MaritalStatus, Children, NumChildren, ChildrenLiveWith, Income, EducationLevel, Language, PrevArrestNumber, PBC_Division, DrugScreenLabLocation, DrugScreenType, SPOS, InvoicesZeroed, DPA, VerifiedMeds, LSRisk, PTR_Recommended, PTR_DeniedByJudge, PTR_CourtAppearanceDate, PTR_FTADate, PTR_WarrantIssued, PTR_NewArrest, PTR_TechViol, PTR_IndigentPDAppointed, Felony, FPSKey, DaysCredit, SAP, JailHold, PaymentPlan, CBMoneyDue, ORCADocket, XKey, NonCompliant, GUID

The table contained 388,685 Social Security numbers in entries, of which 330,988 were unique. It also contained 222,998 email addresses, of which 195,936 were unique.

The biggest table was “Notes.” It reportedly contained almost 20 million entries. JayeLTee provided an example after stripping it of some identifiable information:

Good afternoon.. You arrested my 5 month high risk pregnant daughter for not being able to come an hour and half away to take a drug screen 2 days after she told you in person that she has no license or car to come the 60 mile drive from loganville to your office.. She has asked you more than once to transfer it to one of the 7 offices less than 10 minutes from her house and you won’t ..’,’2023-03-07 14:43:12′,

JayeLTee presents a lot more data in his article, but let’s leap ahead to his notification to Professional Probation Services.

His email may strike some as insulting in tone, but it contained all the important details such as where to find the exposed data and what he observed in terms of the scope of the exposure. A copy of it is included in his full article.

“A corporate culture of knowing right from wrong, and doing right- every time.”

Within hours after notifying them, JayeLTee noticed that the data was no longer exposed, which is to PPS’s credit.

But PPS never responded to his notification. No “Thank you” or any acknowledgment at all. So days later, JayeLTee emailed them again to ask if they planned to disclose this leak and if so, when, so he would delay publication to give them a chance to disclose first.

They did not reply to his second email, but they did respond somewhat — they removed the webpage on their site that named their management team.

It is now more than a week since JayeLTee first reached out to PPS but received no replies.

Unanswered Questions

DataBreaches emailed PPS on November 4 to ask:

  1. When was the data first unintentionally exposed?
  2. Do they have logs that show how many unauthorized IP addresses accessed the exposed data between then and when they secured the data?
  3. Are they notifying any federal or state regulators about this incident? If so, which one(s)?
  4. Will they be notifying any of the people who had their personally identifiable information exposed?
  5. Will they be offering people complimentary mitigation services if their SSN was exposed?
  6. Can they explain why they never responded to JayeLTee’s emails and why they removed their management page from their site?

There has been no reply as of publication.  DataBreaches will update this post if a reply is received or more information becomes available.

 

 

 

Category: Business SectorCommentaries and AnalysesExposure

Post navigation

← Hackers claimed the FREE S.A.S. data had been sold. One now claims that wasn’t true. (1)
City of Columbus, Ohio cyberattack by Rhysida affected 500,000 residents →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.