Hackers Breach U.S. Marshals System With Sensitive Personal Data

The U.S. Marshals Service suffered a major security breach this month when hackers broke into and stole data from a computer system that included a trove of personal information about investigative targets and agency employees, a spokesman for the service said on Monday.

The service, a division of the Justice Department, is responsible for the protection of judges, the transportation of federal prisoners and the operation of the federal witness protection program. The witness protection database was not breached, but hackers did gain access to information about some fugitives sought by federal authorities, according to a senior law enforcement official.

Justice Department officials have determined that the breach, which was carried out through ransomware on Feb. 17, was “a major incident,” said Drew J. Wade, the Marshals Service spokesman. It was yet another in a series of breaches that have underscored the government’s struggles to protect sensitive information as the frequency, scale and sophistication of ransomware attacks have surged in recent years.

The affected system “contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of U.S.M.S. investigations, third parties and certain U.S.M.S. employees,” Mr. Wade said in an email. Officials with the Marshals Service disconnected the system after discovering the attack, he said.

The department is investigating the origin of the attack and working on an assessment of the damage while officials with the Marshals Service race to limit the risk posed by the theft of the highly sensitive personal and investigative information.

The breach was reported earlier by NBC News.

Several government agencies have fallen victim to hackers in recent years, as a growing number of groups have acquired the tools and expertise to steal data, disrupt critical infrastructure and extort payments from victims that also include corporations and private individuals.

A highly sophisticated Russian hacking attack during the final year of the Trump administration compromised the networks of more than 250 federal agencies and businesses — including the Treasury, State, Commerce and Energy Departments, and parts of the Pentagon.

A spate of hacks of government computers in 2015 that originated in China stole the personal information of about 21.5 million people, including addresses, health and financial history, and other private details, from people who had been subjected to a government background check. The hackers also took the personnel data and fingerprints of federal employees.

A number of other, smaller data breaches have targeted groups related to the federal government, including the theft by Chinese government hackers of sensitive data from a Navy contractor in 2018 and the theft in 2019 of tens of thousands of images of travelers and license plates stored by Customs and Border Protection.