Idaho prison officials announced yesterday in a press release that they've identified 364 inmates who have exploited a vulnerability in their prison-issued tablets and have used it to assign nearly $225,000 worth of digital credits to their tablet accounts.
Inmates used these digital credits to buy access to music and games that they could play on the tablets.
The five facilities are the Idaho State Correctional Institution, Idaho State Correctional Center, Idaho Correctional Institution-Orofino, South Idaho Correctional Institution and the Correctional Alternative Placement Plan, all five operated by the same company —MTC Inc..
The hacked tablets have been used at low-security level prisons across the US for a few years now. They've been offered through a partnership between CenturyLink and JPay.
Spokespersons for both companies said the vulnerability inmates exploited was identified and fixed. Officials from the Idaho Department of Correction (IDC) said there was no loss of state funds as a result of the hack, as inmates transferred only JPay-managed (fictitious) digital credits to their accounts.
Most inmates transferred small amounts of credits to their tablet accounts. Around 50 of the 364 inmates transferred more than $1,000 worth of credits to their tablets. The largest amount an inmate assigned to his account was of over $11,000.
JPay said it recovered more than $65,000 worth of digital credits from the 364 inmate accounts. The company has suspended the ability to buy games and music via digital credits on the tablets of offending inmates. Email functionality was left intact, and the company plans to recover the incurred losses.
Prison officials have also reprimanded the inmates behind the hacking, who've been assigned a higher security risk and lost various privileges.
Image credits: JPay