The U.S. Marshals Service suffered a cyberattack that exposed the personal information of approximately 387,000 current and former prisoners at the end of last year, according to an agency official.
“The attackers were able to exploit a vulnerability in the system to extract sensitive personally identifiable information on approximately 387,000 individuals,” a Marshals Service spokesperson told Nextgov.
The spokesperson was referring to a system called DSNet, which is designed to house and transport prisoners within the agency, the federal courts and the Bureau of Prisons. Information extracted included names, addresses, birth dates and Social Security numbers.
Reports of the breach first surfaced on Friday, and cited notification letters the Marshals Service sent to the affected individuals. ZDNet published a copy of the letter, dated May 1, and linked to comments from concerned parties on Twitter.
“On December 30, 2019, the United States Marshals Service (USMS) Information Technology Division (ITD) received notification from the Department of Justice, Security Operations Center (JSOC) of a security breach affecting a public-facing USMS server that houses information pertaining to current and former USMS prisoners,” the letter reads. “You have been identified as an individual whose personally identifiable information (PII) may have been compromised as a result of this breach.”
The agency spokesperson confirmed the date of the incident, and said JSOC was able to detect the intrusion due to a new cybersecurity monitoring tool.
Under the Federal Information Security Modernization Act, the data breach qualifies as a “major incident.”
Justice and Marshals Service alerted the U.S. Computer Emergency Readiness Team, the FBI and Congress, in addition to the affected stakeholders, the spokesperson said, adding “USMS and the ..
Support the originator by clicking the read the rest link below.
