The U.S. Marshals Service said Monday it had suffered a “major” cybersecurity breach more than a week ago that compromised sensitive information.
U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, and that it occurred on February 17. He told NBC News, “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”
Wade said the Marshals Service had suffered a “ransomware and data exfiltration event” that affected a “stand-alone” system that was disconnected from the larger network.
Ransomware is the crime in which the perpetrators lock up a company’s computers, disrupt their operations and demand ransom—usually millions of dollars—to unlock the systems. The ransom is almost always demanded in the form of cryptocurrency.
The Marshal Service breach reportedly did not impact the Witness Security Program database, and according to officials no one in witness protection was endangered by the breach.
Along with witness protection, the U.S. Marshals Service oversees federal prisoners and pursues fugitives across the country.
In his statement, Wade said the Marshals Service had “disconnected the affected system, and the Department of Justice initiated a forensic investigation.”
The DOJ has constituted the Marshals Service hack to be a “major incident,” which means it was significant enough to require a federal agency to notify Congress.
Ransomware has been a lucrative global crime. However, despite the Marshal Service hack, authorities are making progress. Revenue from the crime fell to about $457 million in 2022, down from $766 million in 2021, according to data from cryptocurrency-tracking firm Chainalysis. The Treasury Department, however, puts the estimate for 2021—the most recent year for which there is public data—at $886 million.