Prison Phone Service Data Breach Exposes 300K Callers' IDs
TL;DR
- UpGuard says a publicly accessible cloud server tied to Pay Tel exposed more than 300,000 scans of driver’s licenses and other sensitive identity documents for incarcerated users and their contacts.
- The exposed material reportedly included government IDs, profile photos, text messages, handwritten notes, and financial details, with some images containing precise geolocation metadata.
- UpGuard says it notified Pay Tel on May 7 and followed up later; as of the report, Pay Tel had not publicly acknowledged the breach.
Prison Phone Service Data Breach Exposes 300K Callers' IDs
What happened
A cybersecurity report says Pay Tel, a company that provides communication services for correctional facilities, left a Microsoft Azure storage server publicly accessible without password protection. According to the report, the server contained at least 300,000 scans of driver’s licenses and additional government-issued identification documents tied to Pay Tel users.
The exposed files were not limited to ID images. UpGuard said the server also contained profile photos, inmate communications such as text messages and handwritten notes, and financial information associated with the service.
Why the exposure is especially sensitive
Prison communication providers often collect more information than a typical consumer app because they must verify identities and manage access to incarcerated people and their contacts. In this case, that appears to have created a large archive of documents that could identify users, their families, and other outside contacts.
UpGuard also said many of the uploaded images included precise geolocation metadata, in some cases detailed enough to reveal a person’s home address. That raises the risk of identity theft, stalking, social engineering, and other forms of misuse if the files were accessed by unauthorized parties.
How Pay Tel fits into the prison telecom market
Pay Tel supplies tablets and other communication tools to correctional facilities across a wide portion of the United States, allowing incarcerated people to make calls and exchange messages. Because these systems handle identity verification, contact lists, and communications records, they can accumulate sensitive data at scale.
That makes them attractive targets for attackers and dangerous when storage is misconfigured or left open to the internet.
Company response so far
UpGuard said it notified Pay Tel of the issue on May 7 after confirming the company was responsible for the server, then followed up days later to make sure the problem was addressed. The report said that, at the time of publication, Pay Tel had not publicly acknowledged the incident.
The same report also described the breach as Pay Tel’s second major security incident in two years, following a ransomware event in June 2025.
Broader security concerns for prison communication systems
The Pay Tel incident comes against a backdrop of recurring security problems in prison telecom and correctional data systems. In prior cases, prison phone providers have exposed call records, recordings, and other sensitive information affecting inmates, attorneys, and outside contacts.
Security experts have repeatedly warned that prison VoIP and communications platforms raise serious privacy concerns because they handle enormous amounts of personal and legal information. In some cases, those records have included attorney-client communications, a particularly sensitive category of data.
Why this matters now
The Pay Tel exposure highlights a simple but consequential failure: highly sensitive identity data was stored in a way that left it reachable online. For correctional communication companies, that kind of lapse can affect not only incarcerated people, but also families, lawyers, and anyone else who interacts with the system.
It also shows that data security in sensitive sectors is not just a technical issue. When the service sits between prisons and the outside world, a breach can turn routine verification documents into a privacy crisis.
Get All The Latest Updates Delivered Straight To Your Inbox For Free!