The U.S. Marshals Service (USMS) is responding to a ransomware attack and data breach that has compromised law enforcement sensitive information, a USMS spokesperson told MeriTalk today.
The Department of Justice (DoJ) bureau said it discovered the hack affecting a stand-alone USMS system on Feb. 17, and described it to MeriTalk on Tuesday as a “major incident.”
According to the agency’s Feb. 28 statement, the affected system contains “law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”
After the ransomware and data theft incident was discovered earlier this month, USMS said it quickly disconnected the affected system and DoJ subsequently initiated a forensic investigation.
“On February 22, 2023, after USMS briefed senior Department officials regarding the incident, those officials determined that it constitutes a major incident,” the agency spokesperson said.
A “major incident” is a hack that is significant enough that it requires a Federal agency to notify Congress.
The Marshals Service – which is the nation’s oldest law enforcement agency – did not say who was behind the attack, nor did it say if it paid the ransom to unlock the affected system. The government frequently warns against paying ransoms.
The investigation into the security breach is still active.
“The Department’s remediation efforts and criminal and forensic investigations are ongoing. We are working swiftly and effectively to mitigate any potential risks as a result of the incident,” USMS said.
The USMS breach is the latest incident involving personally identifiable information to affect a key Federal agency system in recent months.
In December, the Centers for Medicare and Medicaid Services responded to a ransomware attack at a subcontractor that it said may have exposed the personally identifiable information of 254,000 Medicare beneficiaries.