DOJ investigating "major" ransomware attack against U.S. Marshals Service
The Department of Justice is investigating a ransomware attack that targeted one of the U.S. Marshals Service's systems earlier this month, the service confirmed Tuesday.
Why it matters: The affected system contains sensitive law enforcement information, including "returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," according to an agency statement.
- The DOJ is investigating how the attack happened, what exactly was taken and who was behind it.
What they're saying: "The Department's remediation efforts and criminal and forensic investigations are ongoing," the USMS told Axios.
- "We are working swiftly and effectively to mitigate any potential risks as a result of the incident."
What's happening: The U.S. Marshals Service, which protects federal courts and pursues federal fugitives, says it discovered a "ransomware and data exfiltration event affecting a standalone USMS system" on Feb. 17.
- Shortly after, the agency disconnected the system and started an investigation.
- On Feb. 22, the service briefed senior Justice Department officials on the incident. During that meeting, officials designated the attack as a "major incident."
- The incident did not affect the database involving the Witness Security Program, according to NBC News, which first reported the attack.
The big picture: News of the attack on the U.S. Marshals Service comes a few weeks after the FBI — which is also housed inside DOJ — contained a seemingly unrelated IT security breach.
- The FBI believes that incident involved a database used in child sexual exploitation investigations.