Prison payphone service Pay Tel exposed 300K+ driver licenses
Original: A security lapse at prison payphone service Pay Tel publicly exposed over 300K callers’ driver’s licenses
Why This Matters
Highlights recurring security failures in prison tech services handling sensitive personal data
Pay Tel, a prison communication service provider, left an unprotected cloud server exposing over 300,000 driver licenses and identity documents on the open web. UpGuard security researchers discovered the Microsoft Azure server containing customer identification documents, inmate communications, and financial records without password protection.
Security firm UpGuard discovered Pay Tel's unsecured Microsoft Azure server containing at least 300,000 driver license scans and government-issued identity documents. The prison calling service requires customers to submit identification and photos before using tablets and communication devices in prisons across the US. The exposed data included inmate text messages, handwritten notes, financial records, and photos with precise location metadata that could reveal home addresses. UpGuard notified Pay Tel on May 7 and followed up before the server was secured. This marks Pay Tel's second security incident following a June 2025 ransomware attack. Company president Vincent Townsend has not responded to inquiries, and it remains unclear if affected individuals will be notified under state breach notification laws.