A security lapse at prison payphone service Pay Tel publicly exposed over 300K callers' driver's licenses | TechCrunch

Prison calling service Pay Tel has secured a publicly exposed cloud server storing hundreds of thousands of driver’s licenses and other sensitive information about people who used its services, according to a cybersecurity firm that alerted the company to the security lapse.

Security researchers with UpGuard said in a blog post that they identified a Microsoft Azure-hosted storage server hosting at least 300,000 driver license scans and other government-issued identity documents belonging to Pay Tel.

The server was unprotected without a password, allowing the data inside to be accessible from the web.

Pay Tel provides tablets and other communication devices to prisons across much of the United States for inmates to receive calls. Customers signing up to Pay Tel have to provide a copy of their identification documents and a profile photo before they can use the service, which UpGuard said were exposed. The security researchers said inmate communications, including text messages, handwritten notes, and financial records, were also exposed as a result of the security lapse.

UpGuard said it alerted Pay Tel on May 7 after determining that the company managed the server, and followed up days later before it was secured. Pay Tel has not yet acknowledged the security incident.