Hackers steal sensitive law enforcement data in a breach of the U.S. Marshals Service

/in


The oldest U.S. federal law enforcement agency, the U.S. Marshals Service, has revealed it was the victim of a cyberattack last week in which hackers stole sensitive data.

According to a U.S. Marshals spokesperson, the “major incident” impacted a “standalone” computer system which contained records about targets of ongoing investigations, employee personal data and internal processes.

Importantly, according to the spokesperson, the system did not include personal details about people enrolled in the Federal Witness Protection Program, whose lives could be in danger if publicly exposed. The U.S. Marshals claim the system is not connected to the broader network, and was quickly shut down when the breach was discovered before turning the investigation over to the Department of Justice.

The Service said it learned about the attack on Feb. 17, when it discovered what it described as a ransomware attack in which the hackers were actively exfiltrating sensitive files. The breach was first reported by NBC News.

“The Department’s remediation efforts and criminal forensic investigations are ongoing,” a U.S. Marshals Service spokesperson wrote in an email. “We are working swiftly and effectively to mitigate any potential risks as a result of the incident.”

The U.S. Marshals Service did not provide additional information about whether the attackers threatened to release stolen data if a ransom was not paid, or details on how the agency is accessing its records in a workaround following the breach.

If the attackers broke in and encrypted the files in what looked like a ransomware attack, but never demanded payment, it’s possible there was never any financial motivation for stealing the information.

Government agencies are attractive targets for foreign espionage, and the FBI, another federal law enforcement agency, specifically recommends that ransoms not be paid. It is unlikely a savvy criminal ransomware gang would expect payment from the U.S. Marshals. However, some criminal groups seek out targets indiscriminately based on security vulnerabilities or opportunity.

If no ransom was demanded, that could speak to the potential hidden…

Source…