US Marshal Service Data Breach: Cybercriminals Claim to Sell Confidential Law Enforcement Data

Russian cybercriminals are offering sensitive information stolen from the US Marshals Service (USMS) for sale on the dark web. The cybercriminals claim to have 350 GB of confidential law enforcement stolen during US Marshal Service Data Breach incident. The information includes confidential details on witnesses and those enrolled in the witness protection program. 

The US Marshal Service is a critical bureau within the US Department of Justice responsible for providing security for government witnesses and their families.

They support all elements of the federal justice system, including executing federal court orders and seizing illegally obtained assets. This makes the information they hold highly sensitive, and its theft is a grave concern for law enforcement agencies. 

US Marshal Service data breach explained  

A user on a Russian-language cybercrime forum is selling info. purportedly stolen from the US Marshals Service (#USMS.) The info is claimed to include, "Data on witnesses or who is on the witness protection program." 1/2 pic.twitter.com/17qcMhnBTZ

— Brett Callow (@BrettCallow) March 15, 2023

According to the cybercriminals on the Russian-language forum, the stolen information includes drone footage and photographs of military bases and other objects with exact coordinates.  

It also includes passports and identification documents, wiretap data, surveillance of citizens, files on cartels, data on convicts and gang leaders, and many documents marked SECRET and CONFIDENTIAL. The data is from file servers and work computers from 2021 to February 2023. 

The cybercriminals have offered to sell the information for $150,000, with the sale only to be made through the guarantor of the forum.  

The timing of the offer raises concern as the USMS recently reported being the target of an alleged ransomware attack. This, combined with the potential loss of sensitive information, is a significant concern for the USMS and the Department of Justice. 

US Marshal Service data breach and mitigation  

In February it was reported that the United States Marshal Services were subject to an alleged ransomware attack.

Today a person appeared online – offering to sell the data for $150,000

*Text taken from forum, text slightly altered to improve legibility

Intel via @BrettCallow pic.twitter.com/YWiTw4OHIC

— vx-underground (@vxunderground) March 15, 2023

In today’s digital age, the theft of sensitive information is becoming an increasingly pervasive threat. With cybercriminals targeting government agencies and corporations alike, organizations must prioritize cybersecurity measures in their operations to prevent these attacks from happening. 

The recent data breach affecting the US Marshals Service and the Department of Justice is a clear example of this growing concern.

They must take immediate action to secure their systems and prevent further attacks from occurring. They must also prioritize informing the individuals whose information may have been compromised and provide them with the necessary support. 

Previous US Marshal Service breach  

This is not the first time that the US Marshal Service has suffered from a security breach. A similar incident occurred in December 2019, where the details of 387,000 former and current inmates were exposed. Another breach was disclosed in May 2020, underscoring the need for more robust cybersecurity measures within government agencies. 

As cybercrime continues to evolve, organizations must remain vigilant and proactive in their approach to cybersecurity. It’s not enough to react after an attack has already occurred; preventative measures must be put in place to ensure the safety of sensitive information. 

All organizations must prioritize cybersecurity measures and take action to prevent future attacks, particularly those handling sensitive information.

The potential consequences of a data breach are too severe to ignore, making it imperative that we all take cybersecurity seriously. 

NOTE: The above information is provided for informational purposes only and is yet to be verified by The Cyber Express. Any reliance on such information is at the user’s own risk. For any queries related to the content, please contact us at [email protected]. The Cyber Express will not be liable for any errors or omissions in the information provided, or for any actions taken by users based on such information until it is verified.