The US Marshals Service (USMS) is investigating after suffering a major ransomware attack that may have compromised sensitive information, law enforcement officials have announced.
In a statement issued on Monday, spokesperson Drew Wade said: “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of USMS investigations, third parties and certain USMS employees.”
Mr Wade said the hack had occurred on 17 February with the Marshals Service discovering “a ransomware and data exfiltration event affecting a stand-alone USMS system”.
In response, the system was quickly disconnected from the network and USMS notified the Justice Department, which then carried out a forensic investigation.
A “major incident” was declared on 22 February and the investigation is ongoing, Mr Wade said.
That designation is reserved for any attack that could pose a threat to national security, foreign relations or the US economy or which threatens to undermine public confidence, civil liberties or the health and safety of the American public.
A senior official subsequently told NBC that no information pertaining to the Witness Security Program had been compromised in the cyberattack.
Ironically, news of the breach coincided with Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly’s warning that cyber intrusions “can do real damage to our nation – leading to theft of our intellectual property and personal information”.
The Biden administration is meanwhile poised to release a National Cyber Strategy imminently, intended to lay out protocol and plug security gaps as the threat from large-scale hacking attacks continues to grow.
“No matter where you are, and no matter how much you try to twist and turn to cover your tracks – your infrastructure, your criminal associates, your money, and your liberty are all at risk,” FBI director Christopher Wray warned in January.