The United States Marshals Service (USMS) suffered a “major” security breach earlier this month when hackers broke into a computer system and accessed sensitive information about employees and investigative targets, officials confirmed on Feb. 27.
In a statement, a spokesman for USMS—which is responsible for apprehending and handling federal prisoners, pursuing fugitives, and operating the Witness Security Program—said the law enforcement agency discovered the hack and theft of data from its network on Feb. 17.
After discovering the breach, the Marshals Service “disconnected” the system and the Department of Justice began a forensic investigation, according to Wade.
‘Major Incident’
Wade added that on Feb. 22, after the agency briefed senior DOJ officials about the breach, “those officials determined that it constitutes a major incident.”
An investigation into the breach is ongoing, Wade said.
That leak, which was discovered by independent cybersecurity researcher Anurag Sen, impacted USSOCOM, also known as SOCOM, a unit within the DoD that oversees and coordinates special operations in various military branches, including the Army, Navy, Marine Corps, and Air Force.
According to reports, that leak was caused by a misconfiguration of the DoD server that left it accessible without a password, meaning that the server could be accessed by anyone on the internet via the server’s IP address.
The server was part of an internal mailbox system that stored around three terabytes of military emails, including sensitive personal and health information of federal employees who were being vetted for security clearance.
Hacker Finds No-Fly List
Officials did not say if anyone other than Sen had accessed the exposed server and the data held on it before it was secured.
In an emailed statement to The Epoch Times, a DoD spokesperson said: “U.S. Cyber Command and Joint Force Headquarters-Department of Defense Information Network [JFHQ-DODIN] continue to work with affected DoD entities and the cloud service provider [CSP] to assess the scope and impact of this potential data exposure.
“The DoD chief information officer in coordination with JFHQ-DODIN is working with the CSP to understand the root cause of the exposure and why this problem was not detected sooner.”
The spokesperson added that any DoD personnel affected by the incident would be notified.
“DoD takes this matter very seriously and will incorporate all lessons learned from this event to strengthen its cybersecurity posture,” the spokesperson said.
The TSA has said it was investigating a “potential cybersecurity incident” following the hacker’s claim.
The Epoch Times has contacted the U.S. Marshals Service for comment.