America’s oldest federal law enforcement agency, the U.S. Marshals Service, is in a bit of security trouble. The agency was hit by ransomware earlier this month in an episode that officials say involved a significant amount of “sensitive” data, according to a statement.
Just how bad is this? While details are thin, the short answer is: probably pretty bad. The USMS is the enforcement arm of the federal courts and sits inside the Department of Justice, under the Attorney General. As a result, its systems hold a great deal of information tied to legal cases and federal investigations. The Justice Department has now launched a probe into the attack and, while the agency isn’t saying much, it has characterized the episode as a “major” incident. What does that really mean? Under federal incident-reporting rules, “major incident” is a defined term rather than a loose adjective: it is reserved for breaches likely to cause demonstrable harm (to national security, public safety, or public confidence, for example), and it obliges the agency to notify Congress. Beyond that, we don’t know the details, but suffice it to say it doesn’t sound good.
What happened to the Marshals?
Here’s what we do know. According to a statement shared by the USMS with the press, the incident was discovered on Feb. 17, when officials found “a ransomware and data exfiltration event affecting a stand-alone USMS system.” Two details in that sentence matter. “Stand-alone” suggests the affected system was not connected to the agency’s wider network, which, if accurate, limits how far the attackers could have spread. “Ransomware and data exfiltration” is the double-extortion pattern that most ransomware crews now follow: they copy data out before encrypting anything, so even a victim with clean backups still faces the threat of a leak. Officials have launched a forensic investigation and so far have found that the “affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.” Officials haven’t said whether a ransom note was left, nor have they said whether they’ve identified the cybercriminal gang behind the breach. Gizmodo reached out to the U.S. Marshals Service for additional information and will update this story if they respond.
What we know for sure about the ransomware attack
The Marshals want everybody to know one thing: the data stolen during the hack does not relate to its coveted Witness Protection program. The well-known USMS program, which uses sophisticated techniques to hide the identities and locations of pivotal witnesses in federal cases (Henry Hill, anyone?), was not impacted by the breach. So, phew. That’s good. That said, it’s not exactly a high bar to set, right? You’d hope that at the very least the government would be able to keep that sort of data safe from prying eyes. And while witness data wasn’t touched, the PII of investigation subjects, third parties, and USMS employees that was on the affected system is sensitive in its own right.
Who is behind this “major” attack?
We don’t know, but we’ll probably know soon. Ransomware gangs don’t typically steal data from high-profile targets and then stay quiet about it; naming the victim on a leak site and publishing samples is how they pressure a payment. This whole episode brings to mind an incident from 2021 in which cybercriminals associated with the Babuk Locker ransomware gang attacked the D.C. Metropolitan Police Department. The hackers stole sensitive data including dossiers on current and former police officers, intelligence reports related to the January 6 incident, and other sensitive information. When police did not pay the $4 million ransom, the gang leaked the data all over the internet. I’m sure the U.S. Marshals are worried that something similar will happen here, and, unfortunately, the odds of its data staying off the dark web don’t look particularly good right now.