DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Professional Probation Services leak exposed almost half a million probationers’ personal info

Posted on November 6, 2024 by Dissent

If you say you always do right, then you should do right, right?

Ouch. Over on infosec.exchange, @Jayeltee recently wrote:

Professional Probation Services ( www.ppsfamily.com ) exposes almost 500,000 US probationers private data publicly, SSNs included, and when I ask them for their intentions regarding disclosure, they go into hiding mode, removing their management and Our companies contact page.

Read more about the exposed data from the company who, according to them, has “A corporate culture of knowing right from wrong, and doing right- every time.”

So DataBreaches did read more on JayeLTee’s substack.

One of the exposed databases, called “Probationers,” contained 467,383 entries with the following fields:

ProbID, CourtID, OfficeID, SentenceDate, ProbationDate, ProbationExpires, TermMonths, ProbationTypeID, JudgeID, PO, ProbFeePerMonth, VCFFeePerMonth, StatusCurrent, FName, MName, LName, Suffix, Sex, Hair, Eyes, Height, Weight, DOB, Race, SSN, PhoneCell, PhoneHome, EMail, EnteredBy, EnterDate, PhyStreet, PhyStreet2, PhyCity, PhyState, PhyZip, MailStreet, MailStreet2, MailCity, MailState, MailZip, Employer, EmployerLocation, EmployerPhone, ReportType, DL, DLState, CLP_ProbID, EarlyTerm, ModifyBy, ModifyDate, GPMID, FirstOffender, ConditionalDischarge, DrugCourt, DUICourt, ConvDocket, PrimaryCase, HoldAndClear, FinancialNote, TollDaysRemaining, TolledWarrantOrigExpireDate, PleaInAbeyance, PostIT, DoNotText, MinMonthlyPmt, PayByDate, RandomDrugTests, RandomDrugInterval, RandomDrugTexting, DoNotClose, OfficeSatelliteID, CareCourt, VetCourt, NeedsProbUpdate, MaritalStatus, Children, NumChildren, ChildrenLiveWith, Income, EducationLevel, Language, PrevArrestNumber, PBC_Division, DrugScreenLabLocation, DrugScreenType, SPOS, InvoicesZeroed, DPA, VerifiedMeds, LSRisk, PTR_Recommended, PTR_DeniedByJudge, PTR_CourtAppearanceDate, PTR_FTADate, PTR_WarrantIssued, PTR_NewArrest, PTR_TechViol, PTR_IndigentPDAppointed, Felony, FPSKey, DaysCredit, SAP, JailHold, PaymentPlan, CBMoneyDue, ORCADocket, XKey, NonCompliant, GUID

The table contained 388,685 Social Security numbers in entries, of which 330,988 were unique. It also contained 222,998 email addresses, of which 195,936 were unique.

The biggest table was “Notes.” It reportedly contained almost 20 million entries. JayeLTee provided an example after stripping it of some identifiable information:

Good afternoon.. You arrested my 5 month high risk pregnant daughter for not being able to come an hour and half away to take a drug screen 2 days after she told you in person that she has no license or car to come the 60 mile drive from loganville to your office.. She has asked you more than once to transfer it to one of the 7 offices less than 10 minutes from her house and you won’t ..’,’2023-03-07 14:43:12′,

JayeLTee presents a lot more data in his article, but let’s leap ahead to his notification to Professional Probation Services.

His email may strike some as insulting in tone, but it contained all the important details such as where to find the exposed data and what he observed in terms of the scope of the exposure. A copy of it is included in his full article.

“A corporate culture of knowing right from wrong, and doing right- every time.”

Within hours after notifying them, JayeLTee noticed that the data was no longer exposed, which is to PPS’s credit.

But PPS never responded to his notification. No “Thank you” or any acknowledgment at all. So days later, JayeLTee emailed them again to ask if they planned to disclose this leak and if so, when, so he would delay publication to give them a chance to disclose first.

They did not reply to his second email, but they did respond somewhat — they removed the webpage on their site that named their management team.

It is now more than a week since JayeLTee first reached out to PPS but received no replies.

Unanswered Questions

DataBreaches emailed PPS on November 4 to ask:

  1. When was the data first unintentionally exposed?
  2. Do they have logs that show how many unauthorized IP addresses accessed the exposed data between then and when they secured the data?
  3. Are they notifying any federal or state regulators about this incident? If so, which one(s)?
  4. Will they be notifying any of the people who had their personally identifiable information exposed?
  5. Will they be offering people complimentary mitigation services if their SSN was exposed?
  6. Can they explain why they never responded to JayeLTee’s emails and why they removed their management page from their site?

There has been no reply as of publication.  DataBreaches will update this post if a reply is received or more information becomes available.

 

 

 

Related posts:

  • Tabb Inc. Security Gaffe Exposes 200,000 Background Check Files for More Than Six Months (2)
  • No need to hack when it’s leaking, Monday edition: TeammateApp
  • Many researchers are pseudonymous. That doesn’t justify ignoring their alerts.
Category: Business SectorCommentaries and AnalysesExposure

Post navigation

← Hackers claimed the FREE S.A.S. data had been sold. One now claims that wasn’t true. (1)
City of Columbus, Ohio cyberattack by Rhysida affected 500,000 residents →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.