Prisoner Data for Ransom: Ransomware Gang Targets U.S. Inmate Communications Provider

This story caught my eye because at one time, I was an inmate in prison for hacking. Circulating the rumor mill was the hope that the Bureau of Prisons would introduce tablets to the prison population. But now, I’m glad I was never involved.

On June 15, 2025, Pay Tel Communications suffered a major data breach at the hands of the RaaS (Ransomware-as-a-Service) gang known as DragonForce. The attack, amounting to at least 399 GB of exfiltrated data, impacted 121 detention centers and prisons across the United States, making inmates themselves the primary victims, and correctional officers.

Pay Tel provides telecom as well as a variety of technology services inside the U.S. correctional facilities, such as tamper-proof communication platforms, such as tablets, which reduce contraband risk and eliminate the need for physical mail.

Pay Tel first introduced their secure inmate tablets, first known as inteleTABLET™, in late 2010, which introduced digital communications. This shift ramped up through the early 2020s.

Among the data targeted was data associated with Pay Tel’s CenturionITS™, an autonomous surveillance and intelligence monitoring platform that filters all inmate communications, activities, and device usage through its system. This allows correctional staff to respond to flagged keywords and patterns and restrict or disable inmate communication privileges in real-time.

At this time, it is not readily known how DragonForce breached Pay Tel’s servers, since neither the ransomware group nor the company has made any public disclosures, nor did either indicate whether ransomware was used, or data extortion. Additionally, it is not publicly known if Pay Tel has satisfied any ransom demand, or when the data extortion gang plans to release the stolen files for public viewing.

The exfiltrated cache reportedly includes more than 10,000 video call recordings between inmates and their loved ones, over 10,000 audio conversations, likely siphoned from monitored inmate phone calls. Moreover, the group pulled upwards of 20,000 scanned images of physical inmate mail, along with over 70,000 internal documents. This appears to be administrative and work-related.

Understanding the Victim-Impact

I cannot emphasize enough how important technology like this is to inmates, especially those who have served lengthy sentences and missed out on pivotal technological shifts. Gaining familiarity with common-use devices like tablets—tools many of us use without a second thought- gives them a chance to gradually acclimate to modern technological norms.

I had never seen a smartphone, let alone a tablet, before I was arrested. Some inmates have never used a computer at all, yet they'll be released into a world where looking for a job in the Yellow Pages is completely unheard of.

Many prisons have eliminated physical mail from being received by inmates. As an alternative, correctional facilities are opting instead to photocopy, analyze, and archive all incoming mail. This is largely due to the fight to eliminate contraband.

The level of surveillance in these environments can be overwhelming. I was no stranger to mail censorship myself. Letters are often deeply personal and can contain extremely sensitive information, far beyond a simple “hello, how are you?” In the wrong hands, that kind of vulnerability could easily put others at risk.

Letters could reveal the identities of informants or contain credentials, banking information, and reveal secrets others could exploit. Furthermore, recordings from remote video calls between inmates and loved ones may expose personal moments that could be used for exploitative purposes, making the possible chain of extortion far greater than the data stolen by DragonForce.

Oftentimes, inmate-related documents such as educational materials or vocational training records may include names, addresses, phone numbers, social security numbers, and employment history - all ingredients sought after by identity fraudsters.

Internal guard and administrative documents could contain staff schedules, training, and policy manuals, which detail everything related to an institution’s daily operations. Surveillance reports containing data related to gang intelligence and organized crime activities could be sold to rival criminal enterprises.