The US Marshals Service (USMS) was recently infiltrated by hackers, exposing potentially sensitive information.

The US Marshals Service experienced a cyberattack at the end of 2019 that wasn’t discovered until several months later, in May of 2020. That data breach was believed to have compromised the private information of around 387,000 prisoners. On February 22nd of this year, it was revealed that a similar hack had taken place days prior, on the 17th, and that it likewise left sensitive information vulnerable, including more personal information of federal prisoners. A sub-agency of the Department of Justice (DOJ), the USMS is responsible for transporting prisoners, keeping judges safe, and operating the witness protection program. It is not publicly known at the moment whether data involving witnesses or judges was targeted, but prisoner information was again confirmed to be affected.




The recent cybersecurity breach was significant enough that it was declared a “major incident,” and therefore the USMS needed to notify Congress. The attack was caused by ransomware that initiated a “data exfiltration event” in one USMS system, which was quickly disconnected from the network. Unfortunately, this is just one occurrence in a long string of recent cyber-threats causing havoc in government agencies. A few examples, among numerous others, are the SolarWinds event that took place over several months at at least 10 agencies in 2019, the cyberattack at the HHS in 2021, and more recently, an unnamed agency that was hacked in late 2022. Other attacks have recently occurred at OPM, DOJ, USAID, FBI, and the DoD. Despite an executive order signed in May 2021, the government has not made much progress in protecting its digital information.

Moving Forward

The DOJ will be conducting an investigation into the recent infiltration at USMS, but it has been noted that each of these incidents can have a far-reaching impact that long outlives the incident itself. The main objective of the DOJ’s investigation will be to mitigate risks. One of the main problems seems to be that thousands of government contractors, who provide technological support to government agencies, need to be brought up to cybersecurity standards such as making “strong” passwords a requirement – something most websites and email servers these days already feature.

Until Next Time,

**Written by Benjamin Derge, Financial Planner, ChFEBC℠. The information has been obtained from sources considered reliable but we do not guarantee that the foregoing material is accurate or complete. Any opinions are those of Benjamin Derge and not necessarily those of RJFS or Raymond James. Links are being provided for information purposes only. Expressions of opinion are as of this date and are subject to change without notice. Raymond James is not affiliated with and does not endorse, authorize, or sponsor any of the listed websites or their respective sponsors.