The U.S. Marshals Service (USMS) was targeted by a ransomware group earlier this month that resulted in “sensitive information” being compromised.
As first reported by NBC News on Monday evening, multiple senior U.S. law enforcement officials revealed that data had been exfiltrated without authorization from a standalone system on Feb. 17.
U.S. Marshals Service spokesperson Drew Wade confirmed that the affected system contained “law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”
A source did stress, however, that the breach did not result in the exposure of data linked to what is commonly referred to as the witness protection program.
Following the discovery of the breach, the system was isolated from its network. The Justice Department, which labeled the attack as “a major incident,” is currently carrying out a forensic investigation.
It remains unclear which strain of ransomware was involved and whether a prominent cybercrime group was responsible.
No information has been provided about over whether the group has threatened to release the data to the public, an increasingly common tactic designed to force victims to pay a hefty ransom.