The breach in the IT system of the Târgu Jiu Penitentiary: a policeman facilitated unauthorized access. Unit leadership, changed
The National Administration of Penitentiaries has made public details of the IT incident at the Târgu Jiu Penitentiary, which took place on September 16, 2025 and which temporarily affected the confidentiality and integrity of some information.
How the hacker from Târgu Jiu Penitentiary acted PHOTO: Shutterstock
“The incident did not represent a breach of the databases, but a malfunction that required the prompt intervention of the specialist departments within the National Administration of Penitentiaries (ANP). Following the initial checks, immediate measures were taken to isolate and remedy the situation, and the competent authorities were notified”. stated ANP.
The investigation showed that the breach was possible due to the negligence of a prison officer, who communicated the access credentials and allowed the assignment of unjustified rights in the system.
“The extensive checks, carried out by the Penitentiary Inspection Directorate within the central apparatus, revealed the fact that the unauthorized access, by a prisoner, of the computer systems within the penitentiary system was possible due to a number of factors, such as: nnon-compliance with the prohibitions regarding the security of the account provided by the employer, by communicating login credentials by a prison police officer, assigning roles that are not related to work duties for a user account used by a police officer, unjustified assignment of rights for a certain role, the possibility of logging in using a common user account and inappropriate location of the station, which reduces the effectiveness of supervision detainees, the display of negligence and superficiality in the exercise of duties by the executive and management staff, as well as the superficiality shown by the coordinator of the IT department, and, last but not least, the late reporting, were the main factors that allowed the incident”it is stated in the official note of the ANP.
The management of the penitentiary, changed
The National Administration of Penitentiaries (ANP) ordered several measures to remedy the situation and prevent similar incidents. The officers involved were referred to disciplinary boards and the management of the unit, including the director and deputy director responsible for custody safety, was changed.
In parallel, ANP initiated procedures to clarify the rights and roles of each user of the IT system, as well as to increase the control and verification of internal activities. The relevant documents were also sent to the Gorj Organized Crime Fighting Service, for the assessment of criminal liability.
“The investigations carried out by the competent authorities are still ongoing, and the ANP is collaborating closely with all the institutions involved to clarify all aspects related to the incident. The ANP reiterates its commitment to ensuring data security and institutional transparency. The IT system of the Târgu Jiu Penitentiary is currently operating within normal parameters, with the implementation of the necessary technical corrections to prevent incidents similar in the future”, ANP sent.
