U.S. Marshals Service Looking Into Data Theft & Ransomware Attack

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Feb 28, 2023 07:19 am PST

The U.S. Marshals Service (USMS) is investigating the theft of private law enforcement data after a ransomware attack that hit “a stand-alone USMS system,” according to the USMS.

The Justice Department’s USMS bureau supports all facets of the federal justice system by carrying out court orders, recovering illegally acquired property, ensuring the protection of government witnesses and their families, and performing other tasks.

The federal law enforcement agency confirmed to NBC, which broke the story, that the stolen material contained personally identifiable information about employees.

According to spokesperson Drew Wade, the USMS learned on February 17 of the “ransomware and data exfiltration event affecting a stand-alone U.S. Marshals Service system.”

Wade continued, “The impacted system contains law enforcement sensitive material, including returns from legal process, administrative information, and personally identifiable information belonging to subjects of USMS investigations, third parties, and some USMS personnel.”

The compromised machine has been cut off from the U.S. Marshals Service network, and a “major incident” investigation is ongoing into the attack. Those familiar with the situation claim that the attackers were unable to access the database for the USMS’s witness protection program, also known as WITSEC.

When contacted for more information about the event earlier today, a USMS spokeswoman did not immediately respond with a comment.

387,000 Convicts’ Personal Information Was Compromised Before

The U.S. Marshals Service exposed the personal information of nearly 387,000 former and present offenders in a December 2019 incident, including their names, dates of birth, residential addresses, and social security numbers. This was followed by another data breach that was made public in May 2020.

One of USMS’s public-facing servers, which is a component of the DSNet system that aids in the housing and movement of convicts, was compromised, leading to the discovery of the security lapse.

The U.S. Federal Bureau of Investigation (FBI) reported a cybersecurity problem two weeks ago.

The FBI is looking into a now-contained “isolated incident” involving malicious cyber activity on the agency’s network. “This one incident has been contained and is isolated. The FBI does not currently have any other comments to make on this investigation because it is ongoing.”


According to law enforcement sources, the US Marshals Service (USMS) is looking into a significant ransomware attack that may have compromised critical data. According to a statement issued on Monday by spokesperson Drew Wade, the impacted system contains law enforcement-sensitive data, including returns from legal processes, administrative data, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.

According to Mr. Wade, the Marshals Service discovered “a ransomware and data exfiltration event affecting a stand-alone USMS system” on February 17. As a result, they immediately unplugged the system from the network and alerted the Justice Department, which then conducted a forensic examination. On February 22, a “major incident” was declared, and the inquiry is still underway, according to Mr. Wade.
