A Romanian inmate managed to pull off one of the most shocking prison security breaches in the country after hacking into the national penitentiary system and altering key data for himself and 15 other prisoners.
The inmate, held at Târgu-Jiu Penitentiary, reportedly spent over 300 hours logged into the internal IT system, where he accessed and changed sentence lengths, detention conditions, financial records, visitation rights, and even security-related information.
According to the National Union of Penitentiary Police Officers (SNPP), the inmate had been transferred to Târgu-Jiu in July after a temporary stay at Dej Penitentiary Hospital.
There, he allegedly obtained the login credentials of an employee with administrator privileges.
Once back at Târgu-Jiu, he used those credentials to access the InfoKiosk terminals used in prisons across the country. This gave him full access to the IMSweb system, the national platform used to manage inmate data.
Investigators say that at first, the inmate browsed basic data — room occupancy, inmate transfers, and leave records.
But starting August 14, 2025, he began manipulating sensitive financial details.
SNPP reported that he:
- Changed transaction amounts
- Created fake transactions
- Deleted records
- Altered balances in inmates’ purchase accounts
He even made purchases without having funds deducted, which is how staff eventually discovered the breach.
Using the same access, he reduced his own sentence by entering fake data showing he had served more days than he actually had.
Fifteen inmates benefited overall — through shortened sentences, added funds, more visit privileges, and altered compensatory days.
Reports say the inmate logged in daily for three months, modifying critical information across multiple prisons.
Some inmates even accessed security data, including intervention recordings, and allegedly discussed cloning the entire application.
Although the activity was detected about a month ago, authorities did not immediately make the case public.
Romania’s justice minister Radu Marinescu confirmed that the National Administration of Penitentiaries had implemented over 20 security measures in response.
“Immediate action was taken,” he said, noting that all cybersecurity structures within the prison system had been engaged and a full investigation is underway.
