Prisoners Hack the Securus App, Spending Over $85,000 in Fraudulent Money

Although Kentucky corrections officials were tipped off in January 2023, almost nobody outside of the Kentucky Department of Corrections has heard how several hundred prison inmates hacked their state-issued, for-profit computer tablets to create more than $1 million that didn’t really exist.

An anonymous tip on Jan. 3, 2023, alerted Kentucky corrections officials that prisoners had hacked state-issued, for-profit computer tablets and spent nearly $88,000 of fraudulent money on digital media products.

By the time state officials learned what was happening — when they got an anonymous tip on Jan. 3, 2023 — the prisoners had spent nearly $88,000 on digital media products, according to a review of more than 1,700 pages of internal investigative records the Herald-Leader obtained through the Kentucky Open Records Act.

The prisoners successfully manipulated a payments app to generate over $1 million in non-existent funds.

These virtual "dollars" were then used for various digital purchases such as email and video visits with family members, games, music, and movies.

In December 2022, Securus introduced an app for Kentucky inmates, allowing them to transfer funds from their commissary accounts to Securus accounts for purchasing digital products.

LaDaniel Brown, an inmate, discovered a flaw. By placing a minus sign before a dollar amount during the transfer, he could artificially inflate his commissary and Securus balances. Typing "-$500" credited $500 to both accounts.

Brown exploited this glitch repeatedly, accumulating $1,892.55. The hack quickly spread among inmates, leading to widespread abuse.
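The flaw described above is a missing sign check on a user-typed transfer amount. The following is an added example, not Securus code (which is not public): a hardened transfer routine that allowlists the amount format and enforces a conservation invariant so a transfer can never create money. The account names, function names and sample balances are hypothetical.

```python
import re
from decimal import Decimal

# Allowlist: optional "$", up to 7 digits, optional cents.
# No sign, exponent, NaN or Infinity can match.
AMOUNT_RE = re.compile(r"\$?(\d{1,7}(?:\.\d{1,2})?)")


class TransferRejected(ValueError):
    """Raised when a transfer request fails validation."""


def parse_amount(raw):
    """Parse a user-typed dollar amount into a strictly positive Decimal."""
    match = AMOUNT_RE.fullmatch(raw.strip())
    if match is None:
        raise TransferRejected(f"invalid amount: {raw!r}")
    amount = Decimal(match.group(1))
    if amount == 0:
        raise TransferRejected("amount must be greater than zero")
    return amount


def transfer(balances, src, dst, raw_amount):
    """Move funds from src to dst and return a new balances dict."""
    amount = parse_amount(raw_amount)
    if balances[src] < amount:
        raise TransferRejected("insufficient funds")
    updated = dict(balances)
    updated[src] -= amount
    updated[dst] += amount
    # Conservation invariant: a transfer moves money, it never creates it.
    # This catches a logic error even if input validation is bypassed.
    if sum(updated.values()) != sum(balances.values()) or min(updated.values()) < 0:
        raise RuntimeError("ledger invariant violated; transfer aborted")
    return updated


def attempt(balances, src, dst, raw_amount):
    """Return (balances, outcome) so rejected requests can be logged and reviewed."""
    try:
        return transfer(balances, src, dst, raw_amount), "ok"
    except TransferRejected as exc:
        return balances, f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed sample balances, not data from the incident.
    sample = {"commissary": Decimal("20.00"), "media": Decimal("0.00")}
    for typed in ["-$500", "$5.50"]:
        print(typed, attempt(sample, "commissary", "media", typed))
```

Logging every rejected request, rather than silently discarding it, gives operators a signal when someone is probing the amount field.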

This incident marks the second time that inmates have outsmarted Securus Technologies. In 2018, several hundred Idaho prisoners hacked tablets provided by JPay, a company related to Securus, and transferred approximately $225,000 into their digital media accounts.

Despite these significant security breaches, Securus Technologies has not responded to requests for comment on the matter, according to the Herald-Leader.

Kentucky Corrections Commissioner Cookie Crews and other state officials declined to be interviewed for this story.

In a series of email exchanges with the Herald-Leader, a spokeswoman for the Justice and Public Safety Cabinet, which oversees the Department of Corrections, said no taxpayer money was lost in the hacking, which she referred to as a “software glitch.”

Only Securus can explain what it did to help retrieve the stolen funds, said cabinet spokeswoman Morgan Hall, referring questions to the company.

Bianca Tylek is executive director of Worth Rises, a nonprofit advocacy group that’s critical of what it calls “the prison industry.” Tylek said she would describe the hacking “more like a loss of revenue for Securus than a theft of funds.”

“This is lunacy, what these corporations are allowed to do to people who are incarcerated, and to their loved ones,” Tylek said.

“These are incredibly cheap services in the year 2024 — I mean, we’re talking about email and video chat — that would not require much of a state agency’s budget, and it would tremendously help us to keep an inmate’s family relationships stable for when they’re released. But we sell this to inmates at exorbitant prices to make a profit.”

“At some point you have to ask yourself, who’s really committed the crime here?” she said.

