An unprecedented cyber crisis has erupted in Romania’s penitentiary system, with a group of prisoners with hacking skills gaining full control of the National Penitentiary Administration (NPA) database. They were changing prison terms, transferring money, and gaining unauthorized privileges, jeopardizing not only the security of the system but also the country’s national security.
The incident began in July 2025, when a convicted cybercriminal who called himself a member of Anonymous observed the login and password of an employee with administrative access while being transferred to a hospital. Upon his return to Târgu Jiu Prison, he used these credentials to log in through terminals with physical keyboards, gaining full access to the IMSweb system, the official database of prisoners. For three months, the group operated almost daily, changing punishment records, adding “discount days,” transferring funds, and even creating fictitious records of intimate encounters. The discovery came by chance — an accountant noticed that money was not being debited after purchases, after which it turned out that one of the prisoners had spent almost 10,000 lei from a fake account.
The National Penitentiary Administration confirmed the incident and said that its consequences were localized, although the investigation is ongoing. The director of the National Penitentiary Service, Geo Bohdan Burcu, admitted that the violation was possible due to the negligence of the employees who allowed the prisoners to access the technical terminals. At the same time, the National Cybersecurity Center is checking the IMSweb program, created in 2023 with EU funds in the amount of one million euros. The prison workers’ union said the system was implemented in a hurry, without proper testing, which created the conditions for a large-scale hack.
The incident was the first documented case of prisoners being able to hack a government information system, exposing serious cybersecurity problems in the law enforcement sector. The incident demonstrates the urgent need to modernize prison technology and strengthen access controls, as such attacks can lead to false releases and the leakage of sensitive government data.
