Jump to content
  • U.S. Marshals Service investigating ransomware attack, data theft

    alf9872000

    • 319 views
    • 2 minutes
     Share


    • 319 views
    • 2 minutes

    The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as "a stand-alone USMS system."

     

    USMS is a bureau within the Justice Department that provides support to all elements of the federal justice system by executing federal court orders, seizing illegally obtained assets, assuring the safety of government witnesses and their families, and more.

     

    The federal law enforcement agency told NBC, which first reported the story, that the stolen data included employees' personally identifiable information.

     

    Spokesperson Drew Wade said the USMS discovered the "ransomware and data exfiltration event affecting a stand-alone USMS system" on February 17.

     

    "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," Wade added.

     

    The compromised system is now disconnected from the USMS network, and the attack is currently under active investigation as a "major incident."

     

    According to sources close to the incident, the attackers did not gain access to USMS' Witness Security Files Information System (aka WITSEC or the witness protection program) database.

     

    A USMS spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for more details regarding the incident.

    Personal info of 387,000 prisoners stolen in 2020 breach

    This follows another data breach disclosed in May 2020 after the U.S. Marshals Service exposed the details of over 387,000 former and current inmates in a December 2019 incident, including their names, dates of birth, home addresses, and social security numbers.

     

    The security breach was discovered after one of USMS' public-facing servers, part of a system called DSNet that helps facilitate the housing and movement of prisoners, was compromised.

     

    In related news, the U.S. Federal Bureau of Investigation (FBI) also disclosed a cybersecurity incident two weeks ago.

     

    The FBI is now investigating malicious cyber activity on the agency's network that was part of a now-contained "isolated incident."

     

    "This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time," a spokesperson told BleepingComputer at the time.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...