Back

Pay Tel Communications Exposes Sensitive Inmate Data in Major Security Breach

Severity: High (Score: 66.0)

Sources: Techcrunch, www.upguard.com, leakd.com

Published: 2026-05-28 · Updated: 2026-05-28

Keywords: communications, exposed, prison, inmate, publicly, corrections, vendor

Summary

On May 4, 2026, UpGuard researchers found a publicly exposed Azure storage bucket belonging to Pay Tel Communications, revealing 3.4 million documents, including 300,000 driver’s licenses and sensitive inmate communications. This incident follows a ransomware attack by the DragonForce gang on June 15, 2025, which compromised 399 GB of data from 121 detention centers. The data breach affects inmates and their families, as well as correctional officers, with personal and legal documents exposed. Pay Tel has not publicly acknowledged the latest security incident or confirmed whether affected individuals will be notified. The exposure highlights ongoing issues with cybersecurity practices within the corrections industry. Key Points: • 3.4 million documents, including 300,000 driver’s licenses, were exposed due to misconfigured storage. • The breach follows a ransomware attack in June 2025, indicating ongoing security vulnerabilities at Pay Tel. • Sensitive inmate communications and personal documents were accessible online, impacting inmates and their families.

Detailed Analysis

**Impact** At least 3.4 million image files totaling 1.1TB were exposed, including approximately 300,000 unique driver’s licenses, inmate legal and financial documents, and personal communications. The breach affected inmates and correctional staff across 121 detention centers and prisons in the United States, primarily in the Southeast. Sensitive data included scanned IDs, video and audio recordings of inmate communications, handwritten mail, and internal administrative documents. This exposure risks identity theft, extortion, and operational disruption within correctional facilities. **Technical Details** The initial breach occurred on June 15, 2025, via a ransomware-as-a-service (RaaS) group named DragonForce, which exfiltrated at least 399 GB of data. A publicly accessible Microsoft Azure storage bucket was discovered on May 4, 2026, containing unprotected files actively receiving uploads, indicating ongoing exposure. No specific CVEs or malware variants were disclosed, and the exact intrusion vector remains unknown. The exposed data included files from Pay Tel’s CenturionITS™ surveillance platform and inmate tablet communications, representing a failure in cloud storage configuration and data access controls. **Recommended Response** Immediately audit and secure cloud storage configurations to ensure no publicly accessible buckets or containers exist without authentication. Deploy network and endpoint detections for ransomware activity and monitor for signs of data exfiltration linked to DragonForce or similar groups. Implement strict access controls and encryption for sensitive inmate data, and conduct regular security assessments of third-party vendor systems. Monitor underground forums and threat intelligence sources for potential data leaks or ransom demands related to this incident.

Source articles (3)

  • A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses — Techcrunch · 2026-05-28
    Prison calling service Pay Tel has secured a publicly exposed cloud server storing hundreds of thousands of driver’s licenses and other sensitive information people who used its services, according to…
  • Breaking Containment How A Corrections Vendor Exposed Inmate Communications — www.upguard.com · 2026-05-28
    On May 4th UpGuard researchers discovered a publicly exposed Azure storage bucket belonging to Pay Tel Communications, a corrections vendor who supplies tablets and communications services to jail inm…
  • Prisoner Data For Ransom Ransomware Gang Targets U S Inmate Communications Provider — leakd.com · 2026-05-28
    This story caught my eye because at one time, I was an inmate in prison for hacking. Circulating the rumor mill was the hope that the Bureau of Prisons would introduce tablets to the prison population…

Timeline

  • 2025-06-15 — Ransomware attack on Pay Tel Communications: DragonForce gang exfiltrated 399 GB of data affecting 121 detention centers, targeting inmate communications.
  • 2026-05-04 — Public exposure of Azure storage bucket: UpGuard discovered an unsecured Azure bucket belonging to Pay Tel, exposing 3.4 million documents.
  • 2026-05-07 — Pay Tel notified of data exposure: UpGuard alerted Pay Tel about the exposed data, which included sensitive personal information.
  • 2026-05-28 — TechCrunch reports on data exposure: TechCrunch highlights the security lapse at Pay Tel, detailing the sensitive data that was exposed.

Related entities

  • Data Breach (Attack Type)
  • Ransomware (Attack Type)
  • Bureau Of Prisons (Company)
  • Pay Tel (Company)
  • Pay Tel Communications (Company)
  • Microsoft Azure (Company)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • DragonForce (Ransomware Group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed