US Marshals to Unveil ‘Fully Reconstituted System’ Following Ransomware Attack


Offline since February, the system will return with improved cybersecurity countermeasures.

A critical U.S. Marshals Service computer system that has been offline since February after suffering a ransomware attack and data breach will soon be operational again—this time with improved cybersecurity capabilities, according to a U.S. Marshals Service spokesperson.

According to a detailed May 1 report by the Washington Post, the system in question was operated by the Marshals’ Technical Operations Group, a division within the agency that uses sophisticated, secretive technical methods to track suspected criminals through mobile phones, emails and the internet.

On Monday, Marshals Service spokesperson Drew Wade told Nextgov the attack had not impacted the agency’s ability to conduct investigations or apprehend fugitives. He further stated the agency will soon deploy a revamped version of the system with improved IT capabilities.

“The data breach has not impacted the USMS’ overall ability to apprehend fugitives and conduct its investigative and other missions. Most critical tools were restored within 30 days of the breach discovery. Further, USMS soon will deploy a fully reconstituted system with improved IT security countermeasures.”

The stand-alone system in question has been disconnected since Feb. 17, when the Marshals Service discovered a “ransomware and data exfiltration event” affecting the system, which contained law enforcement sensitive information and personally identifiable information pertaining to subjects of USMS investigations, third parties and certain USMS employees. On Feb. 22, following a briefing from the Marshals Service, Justice Department officials deemed the breach constituted a “major incident,” with remediation efforts including ongoing criminal and forensic investigations.

The Marshals Service was previously hacked in 2019 in an incident that exposed the personal information of nearly 400,000 prisoners. That hack impacted the DSNet system, which is used to manage the housing and transport of prisoners among the agency, federal courts and the Bureau of Prisons.
