BOISE, Idaho (AP) — Idaho prison officials say 364 inmates exploited vulnerable software in the JPay tablets they use for email, music and games to collectively transfer nearly a quarter million dollars into their own accounts.
The department’s special investigations unit discovered the problem earlier this month, and the improper conduct involved no taxpayer dollars, Idaho Department of Correction spokesman Jeff Ray said on Thursday.
The hand-held computer tablets are popular in prisons across the country, and they are made available to Idaho inmates through a contract with CenturyLink and JPay. The tablets allow inmates to email their families and friends, purchase and listen to music or play simple electronic games.
“JPay is proud to provide services that allow incarcerated individuals to communicate with friends and family, access educational programming, and enjoy positive entertainment options that help prevent behavioral issues,” JPay spokesperson Jade Trombetta said in a prepared statement. “While the vast majority of individuals use our secure technology appropriately, we are continually working to improve our products to prevent any attempts at misuse.”
Most Read Nation & World Stories
- Smollett developments leave some baffled, others outraged
- Obama quietly gives advice to 2020 Democrats, but no endorsement
- He threw away a napkin at a hockey game. It was used to charge him in a 1993 murder.
- Coalition of states sues Trump over national-emergency declaration to build border wall
- Sailor in iconic V-J Day Times Square kiss photo dies at 95
Mark Molzen, the spokesman for CenturyLink, said the problem involved inmates “intentionally exploiting a software vulnerability to increase their JPay account balances,” but said he couldn’t provide details because CenturyLink considers it proprietary information. Molzen said the vulnerability issue has since been resolved, however.
Idaho Department of Correction spokesman Jeff Ray said in a prepared statement that 50 inmates credited their accounts in amounts exceeding $1,000; the largest amount credited by a single inmate was just under $10,000.
In all, nearly $225,000 was credited into the 364 inmates’ accounts.
“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” Ray said in a prepared statement.
So far, JPay has recovered more than $65,000 worth of credits, and the company has suspended the ability of the inmates to download music and games until they compensate JPay for its losses, Ray said. The inmates are still able to send and receive emails, however.
Meanwhile, the Idaho Department of Correction has issued disciplinary offense reports to the inmates who were allegedly involved, which means they could lose privileges and may be reclassified to a higher security risk level.
The inmates involved are housed at the Idaho State Correctional Institution, Idaho State Correctional Center, Idaho Correctional Institution-Orofino, South Idaho Correctional Institution and the Correctional Alternative Placement Plan facility operated by private prison company MTC Inc.