Prison calling service Pay Tel has secured a publicly exposed cloud server that stored hundreds of thousands of driver’s licenses and other sensitive information about people who used its services, according to cybersecurity firm UpGuard.
Researchers at UpGuard identified a Microsoft Azure-hosted storage server containing at least 300,000 driver’s license scans and other government-issued identity documents belonging to Pay Tel customers. The server had no password protection, making its contents accessible to anyone on the web.
Pay Tel provides tablets and other communication devices to prisons across much of the United States, allowing inmates to receive calls. Customers are required to submit a copy of their identification documents and a profile photo when signing up — both of which were among the exposed data.
UpGuard also said inmate communications, including text messages, handwritten notes, and financial records, were exposed as part of the lapse. Additionally, many user-uploaded photos contained precise geolocation metadata, in some cases granular enough to identify a person’s home address.
UpGuard said it alerted Pay Tel on May 7 after determining the company managed the server, and followed up days later before the server was secured. Pay Tel has not publicly acknowledged the incident.
It remains unclear whether Pay Tel plans to notify affected individuals or comply with U.S. state data breach notification laws. This is Pay Tel’s second known security incident in as many years, following a ransomware attack in June 2025. Pay Tel president Vincent Townsend did not respond to requests for comment.
Source: Prison Phone Service Pay Tel Exposed 300K Callers’ IDs in Unsecured Cloud Server