Pay Tel, a service providing communication devices for inmates, has experienced a significant security breach that exposed sensitive information of over 300,000 users. A cloud server, hosted on Microsoft Azure, was found to be publicly accessible without password protection, allowing unauthorized access to driver’s license scans and other personal documents.
Details of the Breach: Security researchers from UpGuard discovered the lapse and reported it to Pay Tel on May 7. The exposed data included:
- Driver’s licenses and government-issued identity documents
- Inmate communications such as text messages and notes
- Financial records related to the service
Many of the uploaded images also contained geolocation data, potentially revealing users' home addresses.
Company Response: Despite UpGuard's notification, Pay Tel has not publicly acknowledged the breach or indicated whether it will notify affected individuals or comply with state data breach notification laws. This incident marks Pay Tel's second known security issue in recent years, following a ransomware attack in June 2025.
Wider Implications: This incident highlights a growing trend of tech companies misconfiguring systems, leading to the exposure of sensitive customer data. Similar cases have been reported, emphasizing the need for improved cybersecurity measures across the industry.
What to Do Next: Users of Pay Tel should monitor their accounts for any suspicious activity and consider changing passwords or taking additional security measures. The incident serves as a reminder for all individuals to remain vigilant about their personal information online.
