The compromised computer system includes information on both investigative targets and agency employees.
The U.S. Marshals Service suffered a significant security breach this month when hackers broke into and stole data from a computer system that included a trove of personal information about investigative targets and agency employees, a spokesman said on Monday.
The service, a division of the Justice Department, is responsible for the protection of judges, the transportation of federal prisoners, and the operation of the federal witness protection program. The witness protection database was not breached, but hackers did gain access to information about some fugitives sought by federal authorities, according to a senior law enforcement official.
Justice Department officials have determined that the breach, carried out through ransomware on Feb. 17, was “a major incident,” said Drew J. Wade, the Marshals Service spokesman. It was another in a series of breaches that have underscored the government’s struggles to protect sensitive information as the frequency, scale, and sophistication of ransomware attacks have surged in recent years.
The affected system “contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information about subjects of U.S.M.S. investigations, third parties, and certain U.S.M.S. employees,” Mr. Wade said in an email. He said officials with the Marshals Service disconnected the system after discovering the attack.
The department is investigating the attack’s origin and assessing the damage while officials with the Marshals Service race to limit the risk posed by the theft of highly sensitive personal and investigative information.
The breach was reported earlier by NBC News.
Several government agencies have fallen victim to hackers in recent years. A growing number of groups have acquired the tools and expertise to steal data, disrupt critical infrastructure and extort payments from victims, including corporations and private individuals.
A highly sophisticated Russian hacking attack during the final year of the Trump administration compromised the networks of more than 250 federal agencies and businesses — including the Treasury, State, Commerce, and Energy Departments, and parts of the Pentagon.
A spate of hacks of government computers in 2015 that originated in China stole the personal information of about 21.5 million people, including addresses, health and financial history, and other private details, from people who had been subjected to a government background check. The hackers also took the personnel data and fingerprints of federal employees.
Several other minor data breaches have targeted groups related to the federal government, including the theft by Chinese government hackers of sensitive data from a Navy contractor in 2018 and the theft in 2019 of tens of thousands of images of travelers and license plates stored by Customs and Border Protection.
The Biden administration has made combating ransomware a national security priority, and has succeeded in recovering ransoms, thwarting extortion attempts, and dismantling criminal organizations that engage in ransomware attacks.