According to the United States Marshals Service (USMS), a ransomware attack disclosed sensitive law enforcement data, including the private information of investigation targets, reported first by TechCrunch on Tuesday, Feb. 28.
 
A division of the US Department of Justice, the USMS is in charge of carrying out all law enforcement operations pertaining to the federal court system, including running the federal witness protection program and transporting federal inmates.

(Photo : NICOLAS ASFOURI/AFP via Getty Images)
(FILES) In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. - As the number of online devices surges and super-fast 5G connections roll out, record numbers of companies are offering up to seven-figure rewards to ethical hackers who can successfully attack their cybersecurity systems.

Ransomware and Data Exfiltration Event

A "ransomware and data exfiltration event" that compromised a "stand-alone" system, which is a system that is not linked to a larger federal network, was detected on February 7 by the US Marshals Service.

"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," USMS spokesperson Drew Wade said in a statement with TechCrunch.

According to sources cited by NBC News, the attackers were unable to access the systems hosting the witness protection database of USMS.

The compromised system has been cut off from the USMS network, and Wade said that a major incident investigation is currently being conducted into the attack. 

A major incident is a hack that a federal agency determines to be urgent enough for notifying Congress.

The US Marshals Service chose not to disclose how it came to be infiltrated, whether it knows who carried out the attack, or whether it paid the demanded ransom. 

The FBI cautions against paying ransom demands, stating that doing so does not ensure that access to the data would be returned.

Read Also: North Korean State-Sponsored Hackers Have Been Attacking Healthcare Providers Since 2021 - US Authorities Warn

Forensic and Criminal Investigations Continue

According to Wade, the Department is continuing its forensic and criminal investigations as well as its remediation activities.
 
He noted that they are now working to mitigate any potential risks from the hacking incident.

This is not the first data breach that USMS has announced. In May 2020, it came to light that the US Marshals Service had exposed the names, dates of birth, residences, and social security numbers of nearly 387,000 former and present inmates.

In addition, the FBI has only recently stated that it is looking into a cybersecurity incident following reports that hackers had infiltrated a computer system at the agency's New York field office.

Related Article: Russia vs Ukraine: FBI Warns Businesses, Local Governments of Ransomware Attacks Amid Tension in Europe