Hundreds of thousands of driver's license data exposed in the USA

Pay Tel, a company providing communication services for prisons in the United States, has secured an open cloud server that contained hundreds of thousands of driver's licenses and other confidential data. Zamin.uz reported this.
Researchers from UpGuard, a cybersecurity firm, had warned the company about this vulnerability. Leading technology publications have shared detailed information regarding this incident.
According to experts, at least three hundred thousand scanned driver's licenses and other government-issued identification documents remained unprotected on a server hosted on the Microsoft Azure platform. Because the server was not password-protected, anyone could access the data via the World Wide Web.
This situation poses a serious risk to users' privacy. Customers registering to use Pay Tel services were required to provide a copy of their identification documents and a profile photo.
According to the researchers, not only official documents but also prisoners' mutual correspondence, handwritten notes, and financial reports were left open to the public. The fall of such information into the wrong hands could lead to its use for various malicious purposes.
Additionally, many photos uploaded by users retained their exact geographic location coordinates. In some cases, this allowed for the identification of individuals' home addresses.
UpGuard specialists warned the company in early May of this year, and only then was access to the server restricted. It is worth noting that this is the second major security issue involving Pay Tel in the last two years.
Previously, the company's systems were also hit by a ransomware attack. So far, the company's management has not issued an official statement regarding notifying the individuals whose data was leaked or compensating for the damages incurred.
This incident once again demonstrates how crucial it is to be attentive to security measures when storing digital data.





