https://www.theregister.com/2023/02/28/us_marshals_ransomware_data_exfiltration/
On February 17, 2023, the US Marshals Service was hit with a major security breach as a result of ransomware discovered on a stand-alone system. The security breach impacted sensitive information related to returns from legal processes; administrative information; and personally identifiable information related to subjects of US Marshals Service investigations, third parties, and certain US Marshals Service employees. The attack was identified the same day it occurred, and the affected system was disconnected from the network.
The data breach is a concern because the US Marshals Service is responsible for apprehending criminals; taking custody of, and providing security for federal prisoners; transporting federal prisoners; seizing, disposing of, and forfeiting assets; providing security at federal courts, and for judges and other court personnel; and executing federal court orders.
One of the most important responsibilities of the US Marshals Service is ensuring the safety of government witnesses and their families, meaning those in the witness protection program. However, a senior law enforcement official stated that the incident did not involve the breach of information contained in the witness protection program and that no one in that program was in danger.
The Justice Department is performing a forensic investigation to determine how the attack occurred so the US Marshals Service can identify the source of the attack and how long the attack had been under way before it was identified. The Service has also been asked what remedies have been put in place since the attack occurred.
Since 2015, there have been several security breaches within the United States Government. CISA, the Cybersecurity and Infrastructure Security Agency, has issued a directive requiring federal civilian agencies to scan for and report software vulnerabilities; the scans must cover each agency's entire network interface. CISA isn't directing the agencies on what method or automation to use, but has directed that the scans must occur on phones and laptops every 15 days. The agencies have until April 3, 2023, to perform automated asset discovery every seven days. Within six months of the directive, CISA will identify how the agencies will scan their devices and whether they should scan for known security bugs or for potential software vulnerabilities in general. CISA's goal is to reduce the nation's risk to its infrastructure and allow better visibility over the networks.