The U.S. Marshals Service said it was struck by ransomware last week in an attack that affected systems holding sensitive law enforcement data and personally identifiable information related to several suspects.
U.S. Marshals Service spokesperson Drew Wade told NBC News late on Monday evening that after consulting with senior officials at the agency, it was determined that the attack “constitutes a major incident.”
No ransomware group has taken credit for the attack but the hackers stole employee information, legal documents, administrative data and more.
The Justice Department – where the U.S. Marshals Service is housed – and the Cybersecurity and Infrastructure Security Agency declined to comment but Wade said and investigation started last Wednesday after the attack was discovered on February 17.
The U.S. Marshals Service is in charge of the witness protection program, protecting judges and transporting prisoners. Sources told NBC News that the breach did not involve data from the witness protection program.
This is the latest cyberattack on a Justice Department law enforcement agency after the FBI announced another incident two weeks ago involving a breach of an FBI computer system used in investigations of images of child sexual exploitation.
The FBI’s external email system was also hacked in November, allowing someone to send spam emails to thousands of people.
The Justice Department itself suffered a breach of the federal courts docketing system that occurred in early 2020. The Russian hackers who orchestrated the SolarWinds supply chain attack were also able to pivot to the internal network of the U.S. Department of Justice, from where they gained access to Microsoft Office 365 email accounts belonging to employees at 27 U.S. attorneys’ offices.
The SolarWinds incident involved the Treasury Department, State Department, Commerce and Energy Departments, and parts of the Pentagon. Hackers stole the information of 26 million people in attacks on the Office of Personnel Management (OPM) in 2014 and 2015.