Security Lapse at Pay Tel Exposes Sensitive Data of 300,000 Users

Prison communications provider Pay Tel recently suffered a significant security failure, leaving the personal information of over 300,000 users exposed on an unsecured Microsoft Azure cloud server. Cybersecurity researchers from UpGuard discovered that the server, which lacked password protection, contained a massive repository of sensitive documents, including driver’s license scans, government-issued identification, and user profile photos. Beyond identity documents, the breach also compromised private inmate communications, including text messages, handwritten notes, and financial records.

The implications of this exposure are severe, particularly given the nature of the data involved. UpGuard noted that many of the uploaded images contained metadata revealing precise geolocation data, which could potentially expose the home addresses of individuals interacting with the prison system. This incident marks the second major security failure for Pay Tel in two years, following a ransomware attack in 2025, raising serious questions about the company’s internal data governance and commitment to cybersecurity best practices.

This event highlights a recurring and dangerous trend of tech companies failing to secure cloud storage, leaving highly sensitive personal information accessible to the public. As of now, Pay Tel has not publicly acknowledged the breach or clarified whether they intend to notify the affected individuals or comply with state-level data breach notification laws. The lack of transparency from the company’s leadership underscores the urgent need for stricter accountability and oversight for service providers that handle vulnerable populations' private information.