If you’re a detainee making a phone call from jail, there’s a good chance your conversation will be recorded in full, logged with your name, and digitally stored in perpetuity—even if you’re talking to your attorney.

Today, the Intercept published a report on Securus Technologies—a jail telephone service provider that is heretofore best known for gouging the shit out of detainees and their families—based on a cache of metadata and recordings of tens of millions of calls provided to the outlet by an anonymous hacker. The piece is worrying on several levels, the first and most obvious being the fact that it exists at all. As part of its services to the state and local governments that operate prisons and jails, Securus provides dragnet recording of detainee calls and “promotes its ability to securely store those recordings, making them accessible only to authorized users within the criminal justice system,” the Intercept reports. If the hacker was able to access this data, it isn’t quite as secure as the company made it out to be.

By referencing the recipient phone numbers in the leak against a directory of attorneys, the Intercept’s reporters pinpointed 19,000 calls that appear to have been made from detainees to their lawyers—communications that are theoretically protected by attorney-client privilege. The report notes that Securus calls begin with an automated message that the conversation may be monitored or recorded—passive consent to which could be construed as a waiver of privilege—but also that the company’s government contracts typically pledge not to record calls to lawyers.

It’s perfectly possible, likely even, that most of these calls sit on Securus’s servers forever, unlistened-to and gathering dust. But concerns about the practice are not strictly hypothetical: last year, a group of Austin attorneys filed a federal lawsuit against Securus alleging that prosecutors obtained and listened to calls between attorneys and their clients from the company. Securus makes no secret that law enforcement officers can access to its call data—it’s one of their selling points—but privileged calls are supposed to be protected from the practice.

David Fathi of the ACLU calls it the most “massive breach of the attorney-client privilege in modern U.S. history,” which sounds about right. How is a prisoner supposed to have a productive and honest conversation with his lawyer if he knows that some mischievous hacker—not to mention the district attorney—may be listening in?

Image via Getty. Contact the author at andy@gawker.com.