Home > Security > Security News

Pay Tel Data Leak: Microsoft Azure Server Misconfiguration Exposes 300,000 Government-Issued IDs

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Exposed inmate and family records
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Cloud Server Breach: Pay Tel left a Microsoft Azure storage server unprotected, exposing over 300,000 government-issued IDs.
  • Sensitive Inmate Data: Researchers discovered that sensitive inmate details were among the publicly accessible data.
  • Repeated Security Failures: This incident marks the second major vulnerability for Pay Tel since a June 2025 ransomware attack.

Prison calling service Pay Tel has secured a publicly exposed cloud server after security researchers discovered a massive data leak as a Microsoft Azure-hosted storage server managed by Pay Tel that was left entirely unprotected, without a password, exposing at least 300,000 driver’s license scans and other government-issued identity documents

Pay Tel provides tablets and other communication devices to prisons across much of the U.S. To access the service, customers had to provide identification documents and a profile photo. 

Scope of Pay Tel Compromised Data

Threat intelligence researchers at UpGuard identified this critical misconfiguration that made the infrastructure fully accessible from the web. The report said the incident affects Pay Tel Communications and Pay Tel clients, with 387 unique jails referenced, and inmates.

Redacted example of exposed driver’s license from North Carolina | Source: UpGuard
Redacted example of exposed driver’s license from North Carolina | Source: UpGuard

The misconfiguration exposed data that extended beyond initial identity verification. Other details exposed to the public internet include inmate communications, such as:

Redacted example of screenshotted text message discussion | Source: UpGuard
Redacted example of screenshotted text message discussion | Source: UpGuard

Furthermore, many uploaded photos contained precise real-world location data. In some instances, this telemetry was granular enough to identify someone’s exact home address, posing severe privacy risks.

The remainder of the dataset consists of the photos of children, pets, friends, and family that were transmitted to inmates using the Pay Tel system,” the report added.

Incident Timeline and Response

UpGuard officially alerted Pay Tel to the exposure on May 7 and followed up days later before the server was finally secured. Currently, it remains unclear whether the company will notify affected individuals or alert attorneys general under U.S. state data breach notification laws.

The Dragonforce ransomware group claimed a Pay Tel Communications data breach in June 2025.

Last week, reports said a CISA contractor exposed AWS GovCloud keys via a public GitHub repository. In April, researchers discovered that the Duales Duc App data was left unprotected due to an unencrypted server, exposing over 360,000 files. 

Add a Comment
Related
data breach
Charter Data Breach: Approximately 4.9 Million Emails Added to HIBP Following ShinyHunters Claim
Adversaries Exploit US Troop Geolocation Data via Ad Profiles
Attackers Target Signal Secure Backups via Phishing Campaign
Kemper Corporation Exposes Approximately 270,000 Accounts Following ShinyHunters Breach Claim
Watch Out for Fake FIFA Websites Appearing Ahead of the 2026 World Cup, FBI and IC3 Warn
FortiClient EMS Exploited via CVE-2026-35616 for EKZ Infostealer Deployment
Most Popular
Copy, Paste, Compromise? Why Developer Workflows Need New Guardrails
How a Cline Vulnerability Exposed a Growing AI Agent Security Gap
data breach
Charter Data Breach: Approximately 4.9 Million Emails Added to HIBP Following ShinyHunters Claim
Adversaries Exploit US Troop Geolocation Data via Ad Profiles
Polymarket KYC Changes Bring Stricter VPN Controls
Polymarket Tightens VPN Restrictions and Expands KYC Checks Amid Regulatory Pressure
Attackers Target Signal Secure Backups via Phishing Campaign
Copy, Paste, Compromise? Why Developer Workflows Need New Guardrails
How a Cline Vulnerability Exposed a Growing AI Agent Security Gap
Charter Data Breach: Approximately 4.9 Million Emails Added to HIBP Following ShinyHunters Claim
Adversaries Exploit US Troop Geolocation Data via Ad Profiles
Polymarket Tightens VPN Restrictions and Expands KYC Checks Amid Regulatory Pressure
Attackers Target Signal Secure Backups via Phishing Campaign

Most Popular
Copy, Paste, Compromise? Why Developer Workflows Need New Guardrails
How a Cline Vulnerability Exposed a Growing AI Agent Security Gap
data breach
Charter Data Breach: Approximately 4.9 Million Emails Added to HIBP Following ShinyHunters Claim
Adversaries Exploit US Troop Geolocation Data via Ad Profiles
Polymarket KYC Changes Bring Stricter VPN Controls
Polymarket Tightens VPN Restrictions and Expands KYC Checks Amid Regulatory Pressure
Attackers Target Signal Secure Backups via Phishing Campaign
Copy, Paste, Compromise? Why Developer Workflows Need New Guardrails
How a Cline Vulnerability Exposed a Growing AI Agent Security Gap
Charter Data Breach: Approximately 4.9 Million Emails Added to HIBP Following ShinyHunters Claim
Adversaries Exploit US Troop Geolocation Data via Ad Profiles
Polymarket Tightens VPN Restrictions and Expands KYC Checks Amid Regulatory Pressure
Attackers Target Signal Secure Backups via Phishing Campaign

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: