Cyber Incident Victim: U.S. Marshals Service

Date: Dec 2019

Location: United States of America

Summary

A data breach at the U.S. Marshals Service exposed sensitive personal information of current and former prisoners, including names, addresses, dates of birth, and Social Security numbers, potentially enabling identity fraud. The incident involved unauthorized access to a public-facing server hosting the DSNet system, used for managing prisoner movements and housing across federal entities. The breach was detected when a new cybersecurity monitoring tool alerted on an attempted attack, and it affected approximately 387,000 individuals. The compromised system, initially developed by another federal office, had been integrated into the agency years prior.

Motives: 3 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors

Description

On December 30, 2019, the U.S. Marshals Service (USMS) was notified by the U.S. Department of Justice about a data breach impacting a public-facing server containing sensitive personal information of current and former prisoners under its custody. The compromised data included individuals' names, addresses, dates of birth, and Social Security numbers—information that could facilitate identity fraud. The breach affected approximately 387,000 individuals, according to USMS spokesperson Drew Wade. Detection occurred when a newly implemented cybersecurity monitoring tool alerted the Justice Security Operations Center to an attempted cyberattack targeting DSNet, the agency's prisoner management system. DSNet facilitated prisoner transportation coordination and housing assignments between federal courts, the Bureau of Prisons, and internal USMS operations. Notification letters were subsequently sent to impacted individuals, though the specific timeline for victim notifications wasn't disclosed in available sources.

The DSNet system, originally developed in 2005 by the Office of the Federal Detention Trustee, had been integrated into USMS infrastructure following an organizational merger in 2012. While the breach notification confirmed unauthorized access to prisoner data, technical specifics regarding the attack vector, duration of system exposure, or identity of threat actors weren't publicly disclosed. The incident represented one of several federal cybersecurity lapses reported during this period, including a separate May-July 2019 breach at the Defense Information Systems Agency that compromised employee personal data. As the primary law enforcement arm of federal courts, USMS handled substantial operational volumes—including over 90,000 fugitive arrests and 105,000 warrant services in the year preceding the breach—though these statistics weren't directly linked to the breach's scope or impact severity. No additional information regarding containment measures, forensic investigations, or post-incident system modifications was released in the available documentation.