Securus Technologies, the prison technology firm based in Dallas that provides phone service to incarcerated people around the country, said on Thursday its system was not hacked by an outsider, but likely breached by an internal employee with access to the phone calls. “At this preliminary stage,” the company wrote, “evidence suggests that an individual or individuals with authorized access to a limited set of records may have used that access to inappropriately share those records.”

On Wednesday, the investigative news site the Intercept published a report that an “anonymous hacker” had handed over a cache of 70 million recorded prison phone conversations from the servers of Securus. Because many of the recordings included conversations with attorneys, one civil rights lawyer dubbed the leak “the most massive breach of the attorney-client privilege in modern U.S. history.” 

Securus Technologies -- whose business practices have been closely scrutinized by International Business Times in recent months -- did not comment for Wednesday’s report, fueling online speculation about their role in the breach and what was being done to prevent further calls from being leaked. 

“Securus is contacting law enforcement agencies in the investigation into media reports that inmate call records were leaked online,” the company said on Thursday. “Although this investigation is ongoing, we have seen no evidence that records were shared as a result of a technology breach or hack into our systems.”

Securus CEO Rick Smith did not reply to a request for comment.

Nearly all jails and prisons in the U.S. contract with private phone companies to give incarcerated people a way to keep in touch with family and friends. One of the reasons these calls tend to be so expensive, the companies say, is because all calls are recorded and stored on private servers, which require a massive amount of online storage and protection. 

With 2.2 million individuals locked up around the country, billions of minutes of calls are stored each year.

Law enforcement officials say that recording an inmate's call is an essential tool. Police, for instance, use the call recordings to carry out investigations. They also hire extra personnel to monitor the calls to make sure people aren’t coordinating criminal activity with associates outside prison walls. 

The most troubling part of Wednesday's report, however, was not just that the phone recordings were breached -- it was that 14,000 of the calls were apparently recordings made between attorneys and their clients, a clear violation of their constitutional rights. 

Securus has not outright denied that attorney calls were recorded but instead claimed their technology includes “multiple safeguards” to make sure that attorney calls are not recorded. “It is very important to note that we have found absolutely no evidence of attorney-client calls that were recorded without the knowledge and consent of those parties,” the company wrote. 

Critics question the claim that the company invests in safeguards to prevent calls between inmates and attorneys from being recorded.

“They invest heavily in their marketing and kickbacks to officials, but the products are a far cry from living up to their claims of superior technology,” said Josh Gravens, a community activist in Texas who has been critical of Securus’ business practices.

In recent months, the company has gone to great lengths to tout its security and technological prowess. In May, for instance, the company opened a 10,000-square-foot “high tech facility” to showcase the company’s products. 

But there have been troubling signs that the company’s data facilities were not secure and reliable. In June, a “round of bad weather” knocked out the cooling systems at the company’s data management center, shutting off phone access to millions of prisoners and their families for several hours. 

Gravens also noted that, while this may be the first time it was publicly revealed that Securus (and other prison phone providers) record attorney calls, those who work in the criminal justice field know it happens routinely. “The reality is, they were never supposed to get caught,” he said. 

Paul Wright, the executive director of the Human Rights Defense Center, agreed: “Basically it confirms what most of us already knew or suspected."