
U.S. Marshals suffer ransomware breach containing personal data


WASHINGTON, D.C. – The U.S. Marshals Service (USMS) suffered a cybersecurity data breach in February, affecting what it referred to as “sensitive personal data.”

First reported by NBC News, USMS spokesperson Drew Wade, chief of the Office of Public Affairs, told the outlet that a ransomware attack occurred and constituted a major incident. The breach occurred on Feb. 17, according to Wade, and was limited to a “stand-alone USMS System.” An investigation revealed that the system, now brought offline, contained information such as law enforcement data pertaining to personal data for fugitives, third parties, and employees (the USMS supports the federal justice system through the protection of judges, transport of criminals, and other tasks).

“We justifiably hold government institutions to the highest standards on personal data protection,” said co-founder and President of Picus Labs, Dr. Suleyman Ozarslan. “However, a major ransomware incident hitting the U.S. Marshals Service proves that even the biggest, most security-focused organizations can be breached. Indeed, the ink is still wet on the FBI’s disclosure of its own computer network incident.”

Ozarslan offered his comments via email to Security Systems News. “There are small crumbs of comfort in this otherwise serious data breach. It’s a major relief that the data breach has not impacted the witness protection program. Any data breach involving personally identifiable information constitutes a major incident. The notion of people entrusted to the state witnesses program having had their data stolen and sold on the dark web would have been calamitous.”

Currently, the incident is being investigated by the U.S. Department of Justice (DOJ), while the U.S. Marshals are working on restoring service to the affected system and using a workaround to access sensitive files in the meantime. It was not immediately clear whether any hacker or group of hackers had yet taken credit for the malware attack.

“It’s no surprise to see ransomware as the chosen attack method,” Ozarslan added. “Our research shows that a quarter of all malware seen in the wild has the ability to encrypt data. It also shows that the most prevalent attack techniques are more sophisticated than ever, pointing to the growing influence of APTs.”

As of the writing of this article, neither the USMS nor the DOJ has released an official statement regarding the incident.

