DataBreaches.Net


Professional Probation Services leak exposed almost half a million probationers’ personal info

Posted on November 6, 2024 by Dissent

If you say you always do right, then you should do right, right?

Ouch. Over on infosec.exchange, @Jayeltee recently wrote:

Professional Probation Services (www.ppsfamily.com) exposes almost 500,000 US probationers’ private data publicly, SSNs included, and when I ask them for their intentions regarding disclosure, they go into hiding mode, removing their management and Our companies contact page.

Read more about the exposed data from the company who, according to them, has “A corporate culture of knowing right from wrong, and doing right- every time.”

So DataBreaches did read more on JayeLTee’s substack.

One of the exposed databases, called “Probationers,” contained 467,383 entries with the following fields:

ProbID, CourtID, OfficeID, SentenceDate, ProbationDate, ProbationExpires, TermMonths, ProbationTypeID, JudgeID, PO, ProbFeePerMonth, VCFFeePerMonth, StatusCurrent, FName, MName, LName, Suffix, Sex, Hair, Eyes, Height, Weight, DOB, Race, SSN, PhoneCell, PhoneHome, EMail, EnteredBy, EnterDate, PhyStreet, PhyStreet2, PhyCity, PhyState, PhyZip, MailStreet, MailStreet2, MailCity, MailState, MailZip, Employer, EmployerLocation, EmployerPhone, ReportType, DL, DLState, CLP_ProbID, EarlyTerm, ModifyBy, ModifyDate, GPMID, FirstOffender, ConditionalDischarge, DrugCourt, DUICourt, ConvDocket, PrimaryCase, HoldAndClear, FinancialNote, TollDaysRemaining, TolledWarrantOrigExpireDate, PleaInAbeyance, PostIT, DoNotText, MinMonthlyPmt, PayByDate, RandomDrugTests, RandomDrugInterval, RandomDrugTexting, DoNotClose, OfficeSatelliteID, CareCourt, VetCourt, NeedsProbUpdate, MaritalStatus, Children, NumChildren, ChildrenLiveWith, Income, EducationLevel, Language, PrevArrestNumber, PBC_Division, DrugScreenLabLocation, DrugScreenType, SPOS, InvoicesZeroed, DPA, VerifiedMeds, LSRisk, PTR_Recommended, PTR_DeniedByJudge, PTR_CourtAppearanceDate, PTR_FTADate, PTR_WarrantIssued, PTR_NewArrest, PTR_TechViol, PTR_IndigentPDAppointed, Felony, FPSKey, DaysCredit, SAP, JailHold, PaymentPlan, CBMoneyDue, ORCADocket, XKey, NonCompliant, GUID

The table contained 388,685 Social Security numbers in entries, of which 330,988 were unique. It also contained 222,998 email addresses, of which 195,936 were unique.

The biggest table was “Notes.” It reportedly contained almost 20 million entries. JayeLTee provided an example after stripping it of some identifiable information:

Good afternoon.. You arrested my 5 month high risk pregnant daughter for not being able to come an hour and half away to take a drug screen 2 days after she told you in person that she has no license or car to come the 60 mile drive from loganville to your office.. She has asked you more than once to transfer it to one of the 7 offices less than 10 minutes from her house and you won’t ..','2023-03-07 14:43:12',

JayeLTee presents a lot more data in his article, but let’s leap ahead to his notification to Professional Probation Services.

His email may strike some as insulting in tone, but it contained all the important details such as where to find the exposed data and what he observed in terms of the scope of the exposure. A copy of it is included in his full article.

“A corporate culture of knowing right from wrong, and doing right- every time.”

Within hours after notifying them, JayeLTee noticed that the data was no longer exposed, which is to PPS’s credit.

But PPS never responded to his notification. No “Thank you” or any acknowledgment at all. So days later, JayeLTee emailed them again to ask if they planned to disclose this leak and, if so, when, so that he could delay publication to give them a chance to disclose first.

They did not reply to his second email, but they did respond somewhat — they removed the webpage on their site that named their management team.

It is now more than a week since JayeLTee first reached out to PPS, and he has received no replies.

Unanswered Questions

DataBreaches emailed PPS on November 4 to ask:

  1. When was the data first unintentionally exposed?
  2. Do they have logs that show how many unauthorized IP addresses accessed the exposed data between then and when they secured the data?
  3. Are they notifying any federal or state regulators about this incident? If so, which one(s)?
  4. Will they be notifying any of the people who had their personally identifiable information exposed?
  5. Will they be offering people complimentary mitigation services if their SSN was exposed?
  6. Can they explain why they never responded to JayeLTee’s emails and why they removed their management page from their site?

There has been no reply as of publication. DataBreaches will update this post if a reply is received or more information becomes available.

Category: Business Sector, Commentaries and Analyses, Exposure

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.