The U.S. Marshals Service (USMS) is investigating the theft of delicate regulation enforcement info following a ransomware assault that has impacted what it describes as “a stand-alone USMS system.”
USMS is a bureau inside the Justice Department that supplies help to all components of the federal justice system by executing federal courtroom orders, seizing illegally obtained property, assuring the security of presidency witnesses and their households, and extra.
The federal regulation enforcement company instructed NBC, which first reported the story, that the stolen knowledge included staff’ personally identifiable info.
Spokesperson Drew Wade stated the USMS found the “ransomware and knowledge exfiltration occasion affecting a stand-alone USMS system” on February 17.
“The affected system incorporates regulation enforcement delicate info, together with returns from authorized course of, administrative info, and personally identifiable info pertaining to topics of USMS investigations, third events, and sure USMS staff,” Wade added.
The compromised system is now disconnected from the USMS community, and the assault is presently underneath lively investigation as a “main incident.”
According to sources near the incident, the attackers didn’t acquire entry to USMS’ Witness Security Files Information System (aka WITSEC or the witness safety program) database.
A USMS spokesperson was not instantly obtainable for remark when contacted by BleepingComputer earlier in the present day for extra particulars relating to the incident.
Personal information of 387,000 prisoners stolen in 2020 breach
This follows one other knowledge breach disclosed in May 2020 after the U.S. Marshals Service uncovered the small print of over 387,000 former and present inmates in a December 2019 incident, together with their names, dates of beginning, house addresses, and social safety numbers.
The safety breach was found after one in all USMS’ public-facing servers, a part of a system referred to as DSNet that helps facilitate the housing and motion of prisoners, was compromised.
In associated information, the U.S. Federal Bureau of Investigation (FBI) additionally disclosed a cybersecurity incident two weeks in the past.
The FBI is now investigating malicious cyber exercise on the company’s community that was a part of a now-contained “remoted incident.”
“This is an remoted incident that has been contained. As that is an ongoing investigation the FBI doesn’t have additional remark to supply at the moment,” a spokesperson instructed BleepingComputer on the time.