Cyberattack Hits U.S. Marshals Service, Sensitive Information Compromised
The U.S. Marshals Service (USMS) was recently hit with a major cyberattack that exposed sensitive information, including employee data and information on fugitives and law enforcement investigations.
The ransomware attack was discovered on February 17, 2023. It was contained to a stand-alone USMS system which was then disconnected from the broader network.
The system accessed contained law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.
The attackers did not breach the witness protection database.
The attack was declared a “major incident” on Wednesday, February 22, by the Department of Justice (DOJ), parent agency of the U.S. Marshals Service. The declaration of a major incident required congressional notification.
A “major incident” is one that could cause demonstrable harm to U.S. national security, foreign relations, or the economy, or the public confidence, civil liberties, or the public health and safety.
The investigation and remediation efforts are ongoing.
"We are working swiftly and effectively to mitigate any potential risks as a result of the incident," spokesperson Drew Wade told CBS News.
CBS reports that the agency has created a workaround to continue fugitive investigations amid the breach.
USMS was previously hit by a data breach in May 2020. In that breach, the personal details of over 387,000 current and former federal inmates were accessed.
The latest breach comes as the Biden Administration is poised to release its National Cyber Strategy, which will be the first cybersecurity blueprint published in more than 15 years.
It also comes more than a year after the President issued an executive order on cybersecurity, which called for the modernization and implementation of cybersecurity standards across the federal government.
“Cybersecurity is complex but it’s not always hard. Pick a standard or set of cybersecurity best practices, work to implement that standard, measure your progress as you go. Basically that’s what President Biden’s executive order on cybersecurity called for and he was right, but it doesn’t look like we are making the progress we should be,” CyberSheath Founder and CEO Eric Noonan told NextGov.