A cyber intrusion that occurred at the U.S. Marshals Service in December 2019 exposed 387,000 individuals’ names, addresses, birth dates, and social security numbers to attackers, an agency spokesperson confirmed to MeriTalk yesterday.
According to the spokesperson, attackers were able to exploit a vulnerability in a server called DSNet. DSNet tracks the movement and housing of Marshals Service prisoners between the courts, the Bureau of Prisons, and within the Marshals Service.
A cybersecurity monitoring tool alerted the Department of Justice’s Security Operations Center to the attack, but attackers were still able to extract the sensitive personally identifiable information on hundreds of thousands of individuals.
The spokesperson said that the Marshals Service and the Security Operations Center has taken action to prevent future attacks, including a comprehensive code review, correction, and testing of DSNet.
The U.S. Marshals Service is responsible for protecting the Federal judiciary, apprehending Federal fugitives, and transporting Federal prisoners.