BOISE, Idaho (AP) — Idaho prison officials say 364 inmates exploited vulnerable software in the JPay tablets they use for email, music and games to collectively transfer nearly a quarter million dollars into their own accounts.
The department’s special investigations unit discovered the problem earlier this month, and the improper conduct involved no taxpayer dollars, Idaho Department of Correction spokesman Jeff Ray said on Thursday.
The hand-held computer tablets are popular in prisons across the country, and they are made available to Idaho inmates through a contract with CenturyLink and JPay. The tablets allow inmates to email their families and friends, purchase and listen to music or play simple electronic games.
“JPay is proud to provide services that allow incarcerated individuals to communicate with friends and family, access educational programming, and enjoy positive entertainment options that help prevent behavioral issues,” JPay spokesperson Jade Trombetta said in a prepared statement. “While the vast majority of individuals use our secure technology appropriately, we are continually working to improve our products to prevent any attempts at misuse.”
Most Read Nation & World Stories
- Trump campaign selling email and phone lists for millions of supporters
- Prince Harry, Meghan expecting child in spring
- Alec Baldwin urges 'overthrow' of Trump government via voting
- Kushner paid almost no taxes for years, documents show
- Warren DNA analysis points to Native American heritage
Mark Molzen, the spokesman for CenturyLink, said the problem involved inmates “intentionally exploiting a software vulnerability to increase their JPay account balances,” but said he couldn’t provide details because CenturyLink considers it proprietary information. Molzen said the vulnerability issue has since been resolved, however.
Idaho Department of Correction spokesman Jeff Ray said in a prepared statement that 50 inmates credited their accounts in amounts exceeding $1,000; the largest amount credited by a single inmate was just under $10,000.
In all, nearly $225,000 was credited into the 364 inmates’ accounts.
“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” Ray said in a prepared statement.
So far, JPay has recovered more than $65,000 worth of credits, and the company has suspended the ability of the inmates to download music and games until they compensate JPay for its losses, Ray said. The inmates are still able to send and receive emails, however.
Meanwhile, the Idaho Department of Correction has issued disciplinary offense reports to the inmates who were allegedly involved, which means they could lose privileges and may be reclassified to a higher security risk level.
The inmates involved are housed at the Idaho State Correctional Institution, Idaho State Correctional Center, Idaho Correctional Institution-Orofino, South Idaho Correctional Institution and the Correctional Alternative Placement Plan facility operated by private prison company MTC Inc.