Securus, a leading provider of phone records to nearly 1 million US prisoners, is the subject of a major data leak, and the company's now-public records are raising new questions about attorney-client confidentiality. Obtained by The Intercept, the cache of documents includes records for more than 70 million phone calls, placed from 37 different states where Securus operates. Of those records, 14,000 were calls between prisoners and their attorneys, which appear to have been fully recorded by Securus.

If the records are genuine, they could have serious legal implications for Securus. While prison phone calls are routinely recorded, calls to attorneys are a powerful exception, and interception of those calls has often led to cases being dismissed or convictions vacated. As a result, Securus' contracts with prisons typically include a clause promising to destroy any records of attorney calls as soon as they are discovered.

Securus believes someone with "authorized access" leaked the records

Securus says that there are no signs that it was hacked. Instead, it currently suspects that "an individual or individuals with authorized access" took and shared the records. Securus also says that it has found "absolutely no evidence" of attorney-client calls being recorded without consent from both parties. Attorneys are able to register their phone numbers for exemptions, it says, and those who don't have to agree at the beginning of each call to the recording.

Though Securus says these calls were all recorded with permission, there have been past complaints about it recording attorney-client calls. Last year, the Texas Civil Rights Project filed suit against the company for allegedly recording attorney calls at the Travis County Jail. The practice came to light after the sheriff shared recordings with the county and district attorneys. None of The Intercept's documents appear to bear directly on activities at the Travis County jail, and courts have yet to reach a final verdict in the case.

The source of the documents is still unclear. According to The Intercept, they were obtained through the publication's SecureDrop system, an open-source tool designed for anonymous disclosures. As a result, the person who obtained the document and the methods by which he or she maintained it are still unknown. Securus says that it is currently working with law enforcement to investigate the leak.

Update November 11th, 8:18PM ET: This story has been updated to include comment from Securus and to note that a hack is not currently suspected.