US Marshals Service responding to ransomware ‘major incident’

The DOJ bureau says it is working to mitigate any potential risks arising from the cyberattack.
United States Marshals Service Flag, American Flag. (Image credit: Getty Images).

The United States Marshals Service on Tuesday said it is responding to a ransomware and data exfiltration event affecting a standalone IT system at the Department of Justice bureau.

According to a statement, USMS on Feb. 22 declared a major incident after briefing senior agency officials and is working to address any potential risks arising from the incident.

“The Department’s remediation efforts and criminal and forensic investigations are ongoing. We are working swiftly and effectively to mitigate any potential risks as a result of the incident,” the agency said.

USMS first discovered the incident on Feb. 17 and disconnected the affected system before subsequently initiating a forensic investigation. 


Details of the breach were first reported on Tuesday by NBC. USMS spokesperson Drew Wade at the time told the news organization that the affected system contained law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information (PII) relating to subjects of USMS investigations, third parties and certain USMS employees.

The USMS breach is the latest incident involving PII to affect a key federal agency system in recent months.

In December, the Centers for Medicare and Medicaid Services disclosed details of a breach at a subcontractor that it said may have exposed the personally identifiable information of about 245,000 Medicare beneficiaries.

That same month, Immigration and Customs Enforcement launched an investigation after a spreadsheet containing sensitive details about 6,252 immigrants seeking protection in the U.S. was inadvertently uploaded to a public-facing website.

According to a survey carried out by nonprofit (ISC)in October, just 42% of government cybersecurity professionals feel they have the necessary tools and staff to respond to cyber incidents within the next two to three years.


U.S. government and military were among five industry categories from which survey respondents were least likely to express confidence about their organization’s ability to respond to potential cyber incidents.

Latest Podcasts