The US Marshals Service is investigating a ransomware attack that led to data theft
The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that affected what it describes as an “independent USMS system.”
The USMS is an office within the Department of Justice that provides support to all elements of the federal justice system by executing federal court orders, seizing ill-gotten assets, ensuring the safety of government witnesses and their families, and more.
The federal law enforcement agency told NBC, which first reported the story, that the stolen data included personally identifiable information of employees.
The compromised system is now disconnected from the USMS network, and the attack is under active investigation as a “major incident.”
According to sources close to the incident, the attackers did not gain access to the USMS witness defense file database (known as WITSEC or the Witness Protection Program).