The United States Marshals Service (USMS) says it was hit by a ransomware attack that exposed sensitive law enforcement data, including personal information belonging to the targets of investigations.
The USMS is a bureau within the U.S. Department of Justice that’s tasked with carrying out all law enforcement activities relating to the federal justice system, such as operating the federal witness protection program and the transportation of federal prisoners.
The U.S. Marshals Service confirmed to TechCrunch that the agency discovered a “ransomware and data exfiltration event” on February 7 that affected a “stand-alone” system, meaning the system is not connected to a larger federal network.
“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” USMS spokesperson Drew Wade told TechCrunch.
The attackers did not gain access to the systems running USMS’ witness protection database, sources told NBC News, which was first to report on the breach.
The compromised system is now disconnected from the USMS network, and the attack is currently under active investigation as a “major incident,” Wade added. A major incident is a hack that is considered significant enough that it requires a federal agency to notify Congress.
The U.S. Marshals Service declined to say how it was compromised, whether it has identified who was behind the attack, or if it paid the unknown attackers’ ransom demand. The FBI advises against paying ransom demands, warning that doing so doesn’t guarantee restored access to data.
“The Department’s remediation efforts and criminal and forensic investigations are ongoing,” Wade told TechCrunch. “We are working swiftly and effectively to mitigate any potential risks as a result of the incident.”
This isn’t the first time that USMS has disclosed a data breach. It was revealed in May 2020 that the U.S. Marshals Service exposed the personal details of over 387,000 former and current inmates, including their names, dates of birth, home addresses, and social security numbers.
This latest breach also comes just weeks after the FBI confirmed that it was investigating a cybersecurity incident after reports revealed that attackers had compromised a computer system at the agency’s New York field office.