Just because someone is behind bars, it doesn’t mean their creativity is locked up.
Just ask 364 inmates at five correctional facilities in Idaho who found a vulnerability in a system and added almost $250,000 to their JPay accounts, according to the Idaho Department of Corrections.
JPay is a U.S.-based service provider that contracts with state Departments of Correction (DoC), county jails, and private federal prisons.
It provides tablets designed specifically for the corrections industry through which inmates can send emails or messages to their loved ones, buy music, play games, receive money to their commissary or trust account, and more.
The inmates get the tablet and are allowed to use it, but they can’t access the Internet from it.
The inmates found a way to credit their accounts without paying for it.
Fifty inmates credited their accounts in amounts exceeding $1,000, and the largest amount credited by a single inmate was just under $10,000. In total, nearly $225,000 were added to the various accounts.
“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” said Idaho Department of Correction spokesman Jeff Ray.
The Idaho Department of Corrections has issued disciplinary reports to the inmates involved in the scheme and as a result of this they can lose some privileges and be reclassified to a higher security risk level.
JPay managed to recover over $65,000 worth of credits but is determined to get the rest of the money back from the hacking inmates. They can continue to send emails and messages to family and friends, but can’t buy music or access games until they pay the company back.