Pay Tel exposed over 300,000 callers’ driver’s licenses in cloud server lapse

The Story

A security lapse at prison phone service Pay Tel left a cloud server storing at least 300,000 driver’s licenses and other government IDs publicly accessible without a password, according to cybersecurity firm UpGuard. UpGuard alerted Pay Tel on May 7, and the server was secured days later, but Pay Tel has not acknowledged the incident. The exposure also included inmate communications, text messages, handwritten notes, and financial records.

Key Facts

  • UpGuard identified a Microsoft Azure-hosted storage server storing at least 300,000 driver’s license scans and other government-issued identity documents belonging to Pay Tel.
  • The server was unprotected without a password, making the data accessible from the web.
  • Pay Tel requires customers to upload a copy of their identification documents and a profile photo before they can use the service; those documents were exposed.
  • Inmate communications, including text messages, handwritten notes, and financial records, were also exposed.
  • UpGuard alerted Pay Tel on May 7, followed up days later, after which the server was secured.
  • Pay Tel has not acknowledged the security incident.
  • UpGuard noted that many user-uploaded photos contained precise real-world location data, granular enough to identify someone’s home address.
  • This is Pay Tel’s second known security lapse in two years, following a ransomware attack in June 2025.
  • Pay Tel president Vincent Townsend did not respond to TechCrunch’s email seeking comment.

Conflicting Reports

No conflicting reports identified in the source article.

Still Unclear

  • Whether Pay Tel plans to notify the individuals whose data was exposed.
  • Whether the company will alert attorneys general under U.S. state data breach notification laws.
  • Who, if anyone, is responsible for cybersecurity at Pay Tel.

Misconceptions

No widespread misconceptions addressed in the source article.

Key Figures

  • Vincent Townsend, president of Pay Tel
  • UpGuard, cybersecurity firm that identified the lapse

Sources: TechCrunch

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *