US Marshals Report Ransomware Attack Exposing Sensitive Law Enforcement Data

According to the United States Marshals Service (USMS), a ransomware attack disclosed sensitive law enforcement data, including the private information of investigation targets, reported first by TechCrunch on Tuesday, Feb. 28.

A division of the US Department of Justice, the USMS is in charge of carrying out all law enforcement operations pertaining to the federal court system, including running the federal witness protection program and transporting federal inmates.

Ransomware and Data Exfiltration Event

A "ransomware and data exfiltration event" that compromised a "stand-alone" system, which is a system that is not linked to a larger federal network, was detected on February 7 by the US Marshals Service.

"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," USMS spokesperson Drew Wade said in a statement with TechCrunch.

According to sources cited by NBC News, the attackers were unable to access the systems hosting the witness protection database of USMS.

The compromised system has been cut off from the USMS network, and Wade said that a major incident investigation is currently being conducted into the attack.

A major incident is a hack that a federal agency determines to be urgent enough for notifying Congress.

The US Marshals Service chose not to disclose how it came to be infiltrated, whether it knows who carried out the attack, or whether it paid the demanded ransom.

The FBI cautions against paying ransom demands, stating that doing so does not ensure that access to the data would be returned.

Forensic and Criminal Investigations Continue

According to Wade, the Department is continuing its forensic and criminal investigations as well as its remediation activities.

He noted that they are now working to mitigate any potential risks from the hacking incident.

This is not the first data breach that USMS has announced. In May 2020, it came to light that the US Marshals Service had exposed the names, dates of birth, residences, and social security numbers of nearly 387,000 former and present inmates.

In addition, the FBI has only recently stated that it is looking into a cybersecurity incident following reports that hackers had infiltrated a computer system at the agency's New York field office.