A Texas-based prison technology company is coordinating with law enforcement to identify the source of a leak that put millions of inmate phone records in the hands of reporters.

“Although this investigation is ongoing, we have seen no evidence that records were shared as a result of a technology breach or hack into our systems,” reads a statement by Securus, a for-profit prison company headquartered in Dallas, Texas. Securus processes over a million inmate phone calls at more than 2,200 U.S. facilities each day.

“The Securus hack offers a rare look at this little-considered form of mass surveillance of people behind bars…”

On Wednesday morning, the Intercept revealed the breach of Securus’ systems in an exhaustive report detailing the leak of more than 70 million phone call records placed to nearly 1.3 million unique numbers. A database of telephone metadata—the names and phones numbers of callers, as well the dates, times, and durations of the calls—was included, along with a link to a “recording URL” where audio recordings of the calls were found.

The Intercept highlighted the company’s surveillance practices, particularly with regards to the collection of attorney-inmate calls. Researching nearly 1.3 million phone numbers, reporters say they discovered more than 14,000 calls placed by inmates to attorneys, a figure that does not include calls received by cellphone.

The database lists over 12,000 recorded attorney-inmate conversations in Missouri, according to the Intercept, and details 75 calls placed to the state’s U.S. attorney’s office. Intercept reporters also say they’ve discovered 27 recordings of calls made to attorneys in Austin, where Securus has been sued for allegedly compromising privileged communications.

“The Securus hack offers a rare look at this little-considered form of mass surveillance of people behind bars—and of their loved ones on the outside—raising questions about its scope and practicality, as well as its dangers,” the article says.

The Intercept identified the source of the leak only as “an anonymous hacker who believes that Securus is violating the constitutional rights of inmates.” The leak, a 37-gigabyte cache containing information on 63,000 U.S. prisoners, was received via SecureDrop, a system for anonymously passing reporters source material, pioneered by the late transparency activist Aaron Swartz.

In a statement Thursday, Securus said it had seen no evidence that the records were improperly accessed “as a result of a technology breach or hack” of its systems. “Instead, at this preliminary stage,” the company said, “evidence suggests that an individual or individuals with authorized access to a limited set of records may have used that access to inappropriately share those records.”

“Just because someone passively ignores the warning doesn’t mean that their Sixth Amendment rights no longer apply.”

The company defended its phone-recording program, citing “multiple safeguards” to prevent attorney-client calls from being recorded without consent: “Attorneys are able to register their numbers to exempt them from the recording that is standard for other inmate calls,” Securus said. Attorneys who do not ask to have their conversations exempted from recording, the company added, “would also hear a warning about recording prior to the beginning of each call, requiring active acceptance.”

Security reporter Micah Lee, co-author of the Intercept’s report, told the Daily Dot in response to Securus’ statement that an attorney failing to opt-out of the surveillance does not waive a defendant’s rights.

Being paramount to the concept of “fundamental fairness” in legal representation, the privacy of communications between attorneys and their clients—a privilege that greatly diminishes the threat of compelled disclosure—has long been recognized by the courts as most crucial to the Sixth Amendment, a constitutional barrier that protects legal strategy conferences if a lawyer intends for the communication with a client to remain confidential and can show a reasonable expectation that it should be.

“Securus thinks that, because there is a warning at the beginning of each call that says ‘This call is from a correctional facility and may be monitored and recorded,’ and inmates still choose to have conversations with their lawyers, that means that they have waived their attorney-client privilege,” Lee told the Daily Dot in a private Twitter message, noting that his team has so far uncovered calls placed to over 800 law firms. “Just because someone passively ignores the warning doesn’t mean that their Sixth Amendment rights no longer apply.”

Photo via StockyPics (CC BY 2.0) | Remix by Max Fleishman