Systems breach

Sensitive Data Exfiltrated During US Marshals Service Hack

A spokesperson from the U.S. Marshals Service said the agency was hacked earlier in February.

According to the spokesperson, the incident was discovered on Feb. 17 when the agency found a “ransomware and data exfiltration event” that affected a standalone system. The affected system was disconnected from the agency’s network.

The Department of Justice, the parent agency of the Marshals Service, is investigating the incident, Nextgov reported Tuesday.

The affected system contains sensitive information used in law enforcement, including returns from legal processes, administrative information and personally identifiable information related to persons subject to investigations.

Leaders from the private industry weighed in on the USMS hack. According to Lior Yaari, CEO and co-founder of Grip Security, the Marshals Service hack is an example of how cybercriminals aim for identity-related attacks.

Yaari explained that in addition to exfiltrating data, hackers altered an identity fabric for individuals in the compromised system. Identity fabrics are sets of identity services that provide seamless and controlled access to information.

According to Yaari, hackers could exploit identity fabric vulnerabilities in future attacks, especially when there are compromised identities. The Grip Security CEO explained that compromised identities give hackers an embedded position in the fabric and ultimately give them an extended presence wherever the compromised identity goes.

President Joe Biden issued an executive order in 2021 to improve the federal government’s cybersecurity posture. Some of the items listed on the EO are software supply chain security enhancements, the creation of a standardized cyberattack response playbook and enhanced detection of cyber vulnerabilities on federal government networks.