Idaho prison officials say 364 inmates exploited vulnerable software in the JPay tablets they use for email, music, and games to collectively transfer nearly a quarter million dollars into their own accounts, reports the AP. The department's special investigations unit discovered the problem earlier this month, and the improper conduct involved no taxpayer dollars, says Idaho Department of Correction spokesman Jeff Ray. The hand-held computer tablets, made available to Idaho inmates through a contract with CenturyLink and JPay, are popular in prisons across the country and allow inmates to email families and friends, purchase and listen to music, or play electronic games. In this case, however, a CenturyLink rep says the problem, since resolved, involved inmates "intentionally exploiting a software vulnerability to increase their JPay account balances."
In all, nearly $225,000 was credited into the accounts of 364 inmates at five facilities. Ray said 50 inmates credited their accounts in amounts exceeding $1,000; the largest amount credited by one inmate was just under $10,000. "This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system's vulnerability," says Ray. So far, JPay has recovered more than $65,000 worth of credits and suspended the ability of the inmates to download music and games until they compensate JPay for its losses. The inmates are still able to send and receive emails. Meanwhile, the Idaho Department of Correction has issued disciplinary offense reports to the inmates who were allegedly involved, which means they could lose privileges and may be reclassified to a higher security risk level. (Read more inmates stories.)