A data breach at Pay Tel, a company that provides phone services for prisons, exposed more than 300,000 driver's licenses and other sensitive identification documents belonging to people who called inmates.
Security researchers discovered the unprotected data earlier this month. The information included driver's licenses, personal identification cards and inmate call records. Pay Tel secured the publicly available data after being notified by the researchers.
Scope of the Exposure
The leaked data contained images of driver's licenses from over 300,000 individuals. Many of these people were likely family members or friends of inmates. The database also included recordings and logs of inmate phone calls, exposing private communications.
Researchers said the data was accessible without any authentication. Anyone with the correct web address could view the files. This type of vulnerability is known as a broken access control issue.
Potential Consequences
Individuals whose driver's licenses were exposed face potential identity theft. Fraudsters could use the documents to open accounts or commit other crimes. The leak also raises concerns about the privacy of inmates and their contacts.
Prison phone systems are frequently criticized for high costs and limited oversight. This incident highlights additional security risks in these services.
Why This Matters
This breach affects real people who have a personal connection to the prison system. It puts their personal information at risk with little recourse. The incident also shows how vulnerable critical communication infrastructure can be when companies fail to secure basic databases.
Authorities have not announced any investigation into Pay Tel. The company has not commented on whether it will notify affected individuals.
