Summary
On May 4th, UpGuard researchers discovered a publicly exposed Azure storage bucket belonging to Pay Tel Communications, a corrections vendor that supplies tablets and communications services to jail inmates, especially in the American Southeast. The bucket held 3.4 million documents in 1.1TB, all images. These images contained sensitive data, including an estimated 300,000 unique driver’s licenses, inmate legal and financial documents, and personal/intimate communications. After UpGuard notified Pay Tel of the exposure, the bucket was secured.
Scope
Affected entities:
- Pay Tel Communications
- Pay Tel clients, with 387 unique jails referenced, and inmates.
Affected Individuals:
- Estimated over 300,000 unique, non-inmate users of Pay Tel’s communication platform. Largely clustered in the American southeast, notably Georgia and North Carolina.
Timeline
- May 4th - Unsecured Azure bucket discovered by UpGuard researchers.
- May 4th - Data analysis begins, sensitive content found.
- May 5th - Bucket sample downloaded for analysis and attribution.
- May 7th - Attribution determined, Pay Tel notified via their privacy@paytel.com email address.
- May 11th, morning - With no response and the bucket still exposed, UpGuard followed up with notifications to Pay Tel support addresses as well as the President and the VP of Business Development.
- May 11th, ~1PM PST - UpGuard confirms that the Azure bucket has been secured.
Attribution
- Sibling bucket - Another bucket with a similar name and hosting provider was found during research. That bucket contained assets with Pay Tel branding, leading to the hypothesis that Pay Tel was the owner. With that lead, other data provided sufficient evidence to proceed with notifying them.
- EXIF Data - The geographic distribution and clustering of GPS data discovered in the images exactly matches Pay Tel’s coverage: primarily smaller county jails in the American southeast with heavy coverage in Georgia and North Carolina.
- Device metadata - Device types showed specific tablets made for inmates, including those matching the specs of Pay Tel’s tablet deployment.
- Data matches Pay Tel protocol and geographical distribution - The data lines up with Pay Tel’s process of collecting ID cards and photos, as well as the many inmate receipt documents and other artifacts of their business. The geographical distribution of driver’s licenses also matches Pay Tel’s areas of operation.
Background and Context
Beginnings and Privatization
To understand why this data was collected in the first place, it helps to understand the history of jail telecommunications that led from payphones to tablets.
Privatized communications in the American prison system have evolved from heavily monitored public payphones into a multibillion-dollar industry. This evolution was driven by rapid technological transformation, massive profit margins, deregulation and a literally captive market. Up until the 1980s, prisons used payphones, the same as on a street corner, usually established by AT&T prior to their antitrust breakup.
Pay Tel Communications was founded in 1986. Initially, they serviced public payphones across the American southeast. But as telecommunications were deregulated, Pay Tel shifted entirely to inmate telecom services in 1989, seeing massive growth potential in the specialized contracts. By the 1990s, prison communications had been fully privatized. Providers began offering specialized "Inmate Telephone Systems" (ITS) that included automated operators, voice-recognition, and the ability to block specific phone numbers. Increased “security” allowed further surveillance and logging of inmate communications.
This era gave rise to the “site commission” contract model. To win exclusive contracts from sheriffs and state departments of corrections, private phone companies promised to return a massive percentage of their phone revenue (sometimes 60–80%) back to the facility or the county's general fund. Collect calls from jails and prisons regularly cost upwards of $1.00 per minute, with mandatory "connection fees" adding $3.00 to $5.00 the moment a call was accepted.
The Video Call Era
Eventually, the public and regulatory bodies such as the FCC began targeting the exorbitant cost of voice calls. Regulations such as the Martha Wright-Reed Just and Reasonable Communications Act authorized the FCC to regulate prison phones and cap the rate of calls made from state and local prisons.
Private vendors pivoted to video visitation to maintain revenue. Today, the industry is defined by the widespread rollout of specialized, "detention-grade" tablets. Companies like Pay Tel provide these tablets to incarcerated individuals for "free" or for low monthly lease rates. While the hardware is cheap, the software ecosystem is highly monetized. Instead of just phone calls, modern tablet programs charge micro-fees for almost every action:
- Electronic Messaging: Inbound and outbound "e-messages" (emails) require digital "stamps" that cost anywhere from $0.25 to $0.50 each.
- Inbound Mail Scanning: Physical mail is increasingly banned in jails. Third-party vendors scan physical letters and charge inmates to view their own mail on the tablets.
- Premium Entertainment: Streaming music, streaming movies, and video games are charged by the minute or via premium monthly subscriptions.
Pay Tel has transitioned into a multimedia and software-as-a-service (SaaS) provider. Their modern suites feature secure tablets equipped with messaging apps, educational portals, and entertainment hubs. While communication between inmates and the outside world could once be facilitated by a payphone, it is now routed through the internet and entails a digital supply chain including cloud storage.
Data Analysis
Bucket Details
Storage Provider: Microsoft Azure
Permissions: Publicly Readable
Total Size: 1.1TB
Total Number of Files: 3.4M
UpGuard Analysis Sample Size: 314GB, 500K files (~15%)
File dates: 2018 to May 2026 (active, with files still being added)
Just over a terabyte of exposed files resided on a Microsoft Azure cloud storage bucket configured to be publicly accessible, without any authentication or identification. The bucket name contained “cdn” (content delivery network) and was having more files uploaded to it in real time, suggesting an active production server.
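As an added example (not UpGuard's or Pay Tel's code), the audit below flags storage containers that allow unauthenticated reads, the condition described above. It assumes an inventory assembled from the Azure CLI's storage account and container listings, using their `allowBlobPublicAccess` and `properties.publicAccess` fields; the account and container names are constructed.

```python
import json

# Constructed sample inventory (not data from the incident). Assumed shape: one
# entry per storage account, merging the account's allowBlobPublicAccess flag
# with each container's properties.publicAccess value as reported by Azure.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "examplecdnassets", "allowBlobPublicAccess": true,
   "containers": [
     {"name": "uploads", "properties": {"publicAccess": "container"}},
     {"name": "branding", "properties": {"publicAccess": "blob"}},
     {"name": "internal", "properties": {"publicAccess": null}}]},
  {"name": "examplelegacy", "allowBlobPublicAccess": null,
   "containers": [
     {"name": "scans", "properties": {"publicAccess": "blob"}}]},
  {"name": "examplelocked", "allowBlobPublicAccess": false,
   "containers": [
     {"name": "ids", "properties": {"publicAccess": "container"}}]}
]
""")

# What each container-level setting lets an unauthenticated client do.
EXPOSURE = {
    "container": "anonymous listing and read of every blob",
    "blob": "anonymous read of any blob whose URL is known",
}


def find_public_containers(inventory):
    """Return findings for containers that are effectively anonymous-readable."""
    findings = []
    for account in inventory:
        # An explicit false at account level overrides container settings.
        # An unset (null) value is treated as not disabled, the cautious reading.
        if account.get("allowBlobPublicAccess") is False:
            continue
        for container in account.get("containers", []):
            level = ((container.get("properties") or {}).get("publicAccess") or "").lower()
            if level in EXPOSURE:
                findings.append({"account": account["name"], "container": container["name"],
                                 "level": level, "exposure": EXPOSURE[level]})
    # Listing-enabled containers first: they need no prior knowledge of blob names.
    return sorted(findings, key=lambda f: (f["level"] != "container", f["account"]))


if __name__ == "__main__":
    for f in find_public_containers(SAMPLE_INVENTORY):
        print(f"{f['account']}/{f['container']}: {f['level']} -> {f['exposure']}")
```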
Content Types
The image files could be classified into four categories:
- Photos of identification cards
- Scanned or photographed forms and documents, both legal and financial
- Personal communications, such as text/email screenshots and letters
- Personal photos: friends, family, kids, pets.
Driver’s Licenses and ID Cards
Researchers discovered unredacted images of identification cards, largely driver’s licenses, though passports, Social Security cards and other forms of identification were also present in smaller numbers. These IDs, as well as a profile picture, are required as part of Pay Tel’s process for those who wish to communicate with inmates in their contracted facilities. Thus, while the use of the Pay Tel app is predicated on one of the parties being in jail, the driver’s licenses most likely belonged to those who were not incarcerated.

Using local OCR on a sample of 500k documents, we found that just over 10% of all pictures were some form of identification card. Extrapolating that out to the full dataset, over 300,000 ID cards for unique individuals are likely present. The geographic distribution of the licenses in the analysis sample closely reflects the layout of facilities using Pay Tel, as does the EXIF GPS data that was present.
Legal and Financial Forms
Thousands of documents related to inmates’ legal situations were included in the data. Case dockets and records, court filings and motions, warrants and bonds, conviction records and even attorney communication were all found among the pictures. Many of these include details and strategies regarding ongoing cases and appeals.
Thousands of financial documents were also discovered, mostly inmate deposit receipts, which record money received from friends and family by an inmate and used for prison services. Itemised commissary orders were also present, as well as a small number of bank screenshots, money orders and P2P payments.

Personal Communications
About 10% of the data set was personal communications: screenshots of text messages and chat applications, including prison messaging systems such as Pay Tel’s InteleMessage. A smaller number of email screenshots and even handwritten personal letters were also detected. These range from children’s report cards and letters to incarcerated parents, to very intimate discussions between partners. Despite the surveilled nature of prison communications, there appeared to be a high expectation of privacy for the transmitted contents.

Photographs
The remainder of the dataset consists of the photos of children, pets, friends and family that were transmitted to inmates using the Pay Tel system. These serve the crucial role of keeping incarcerated people connected to their outside world. Many studies have shown that connection to friends and family while incarcerated leads to improved outcomes.
Ramifications
When a correctional facility awards an exclusive contract to a single telecom provider, any communication between inmates in that facility and the outside world must be done within that provider’s platform and according to its rules and prices. For nearly 40 years now, the friends and family of incarcerated people have battled the exorbitant fees and costs for inmate communication services. But in addition to the financial aspect, they have also battled the technology itself, with long delays and non-functioning services having become expected, despite the premium price being paid for them.
This data exposure reveals yet another burden placed on those seeking contact with incarcerated loved ones: the risk of data exposure. However specialized Pay Tel’s operations are on the frontend in order to serve prisons, on the backend they use cloud storage and hosting like everyone else, in this case Microsoft Azure. Because the Azure bucket was misconfigured to be publicly readable, hundreds of thousands of the IDs and selfies required by Pay Tel, and millions of privately communicated photos handled by them, were exposed.
This may not be the first time such information has been at risk. In 2025, the Dragonforce ransomware group claimed to have exfiltrated Pay Tel data, including tens of thousands of voice and video call recordings, scans of physical mail and other documents. Ironical
