Pay Tel, a provider of communication services for US prisons, has secured an open cloud server that stored hundreds of thousands of driver's licenses and other sensitive data. Researchers from the cybersecurity firm UpGuard had alerted the company to this vulnerability. This is reported by Techcrunch.com reporting .
According to UpGuard experts, at least 300,000 scanned driver's licenses and other government-issued identification documents were left exposed on a server hosted on the Microsoft Azure platform. Because the server was passwordless, anyone with internet access could view the data.
Customers registered to use the Pay Tel service are required to provide copies of their identification documents and profile photos. According to the researchers, not only documents but also inmate correspondence, handwritten notes, and financial records were left publicly accessible.
Furthermore, many photos uploaded by users contained their precise geolocation (GPS coordinates). In some cases, this made it possible to identify individuals' home addresses. UpGuard notified the company on May 7, after which the server was secured.
This is the second major security issue involving Pay Tel in the last two years. In June 2025, the company was also hit by a ransomware attack. So far, the company's management has not issued an official statement regarding whether they will notify the affected individuals.
Read “Zamin” on Telegram!
