Prison payphone service Pay Tel exposed 300K callers' IDs in US data leak

A security lapse at US prison payphone provider Pay Tel left over 300,000 callers' driver's licenses and sensitive communications publicly exposed online. Security researchers discovered the leak before the company secured the data. The breach affected personal ID documents and inmate communications.

US prison payphone service Pay Tel suffered a significant data breach that left the sensitive personal information of more than 300,000 people publicly accessible online. The exposed data included callers' driver's licenses and records of inmate communications — some of the most private documentation a person can carry.

Security researchers discovered the publicly accessible database and alerted the company, prompting Pay Tel to secure the exposed information. The leak is believed to have remained accessible for an undetermined period before being found and reported.

What Was Exposed

The breach is particularly notable given the sensitive nature of the data involved. Driver's licenses contain a wealth of personal information — full names, home addresses, dates of birth, and government ID numbers — making them highly valuable to identity thieves and fraudsters.

Inmate communications records add another layer of concern, as they may reveal personal details about both incarcerated individuals and the family members or friends who contacted them — a population that may already face social vulnerabilities.

Risks for Those Affected

For the over 300,000 people whose data was exposed, the risks include identity theft, phishing attacks, and potential misuse of their personal information. Experts generally recommend that individuals affected by such breaches monitor their credit reports and be alert to suspicious communications claiming to be from financial institutions or government agencies.

Pay Tel has not publicly disclosed how the data came to be exposed or for how long it was accessible before researchers identified and reported the issue. The incident highlights ongoing concerns about data security practices among companies that handle the communications of incarcerated people and their families.