Ransomware attack on Florida prisons disrupts phones, email and visitation

An email containing the personal contact information of dozens, and possibly hundreds, of approved visitors was inadvertently sent to every inmate at Florida’s Everglades Correctional Institution (ECI) in Miami-Dade County. The leaked data included names, phone numbers, email addresses, and visitor–inmate relationships, report says.

 

Inmates accessed the data through facility-provided tablet kiosks and secure communication channels. As of now, the Florida Department of Corrections (FDC) has not issued a public comment regarding the incident.

 

Several visitors shared their fear and outrage:

 

“This is how other inmates … can sometimes extort family members … it’s concerning.” — Madeline Donate(Florida Phoenix)

Another visitor recounted a potential threat scenario:

 

“What if … he tells his family … I’m going to have her husband stabbed and killed? What’s stopping them from doing that?” — Jan Thompson(Florida Phoenix)

 

These incidents highlight the danger of exposing non‑financial personal data in environments where recipients might misuse it.

 

Visitor applications were mandated for each visit under protocols introduced during the COVID‑19 pandemic—protocols that remain in place despite no longer being necessary. Stakeholders have criticised this process as redundant and prone to error, directly contributing to the privacy breach.

 

Advocacy group Florida Cares called for elimination of the duplicative visitor sign-up system, stating it creates unnecessary safety risks and should be discontinued immediately.(Florida Phoenix)

 

Though this is not a traditional cyber breach, it serves as a stark reminder that human error and misconfiguration can lead to dangerous data exposures, especially when systems grant direct access to personal information in custodial settings.

 

Organizations handling sensitive data, whether in corrections, healthcare, or education, must consider the physical and safety implications of data leaks, not just financial or reputational impact.