A U.S. Marshals Service system that hosts sensitive information was breached on Feb. 17, prompting the Department of Justice to start a forensic investigation, NBC News reported Tuesday.
Drew Wade, a spokesperson for USMS, said the agency “discovered a ransomware and data exfiltration event affecting a stand-alone USMS system,” which was then disconnected from the network.
The affected system, said Wade, contains sensitive law enforcement information, such as administrative information, returns from legal process and the personal information of USMS investigations, third parties and select employees.
He noted that senior officials briefed on the matter determined that the breach constituted a “major incident.”
Joel Bagnal, director of federal at SpyCloud, said that “the real impact of an attack like this is the malicious use of data that the attackers collected,” Nextgov reported Tuesday.
He told the publication in a statement that he recommends individuals work to mitigate further damage by resetting passwords and invalidating sessions for important workforce applications that could be compromised.
“This enables security teams to quickly remediate much more than the infected device, re-securing affected applications and closing entry points for additional ransomware attacks,” Bagnal added.
