The US Marshals Service (USMS) was recently infiltrated by hackers, exposing potentially sensitive information.
The US Marshals Service experienced a cyberattack at the end of 2019 that wasn’t discovered until several months later, in May of 2020. That data breach was believed to have compromised the private information of around 387,000 prisoners. On February 22nd of this year, it was revealed that a similar hack took place days prior, on the 17th, that similarly left sensitive information vulnerable, including more personal information of federal prisoners. A sub-agency of the Department of Justice (DOJ), the USMS is responsible for transporting prisoners, keeping judges safe, and they operate the witness protection program. It is not publicly known at the moment whether data involving witnesses or judges was targeted, but prisoner information was again confirmed to be affected.
Ready to Retire from the Federal Government? Check out our No-Cost Webinars with Ed Zurndorfer:
The recent cybersecurity breach was significant enough that it was declared a “major incident” and therefore the USMS needed to notify Congress. The attack was caused by Ransomware that initiated a “data exfiltration event” that occurred in one USMS system, which was quickly disconnected from the network. Unfortunately, this is just one occurrence in a long string of recent cyber-threats causing havoc in government agencies. Among numerous others, a few examples would be the SolarWinds event that took place for several months at least 10 agencies in 2019, the cyberattack at the HHS in 2021, and more recently, an unnamed agency that was hacked in late 2022. Other attacks have recently occurred at OPM, DOJ, USAID, FBI, and the DoD. Despite an executive order signed in May 2021, the government has not made much progress in protecting its digital information.
The DOJ will be conducting an investigation into the recent infiltration at USMS, but it has been noted that each of these incidents can have a far-reaching impact that long outlives the incident itself. The main objective of the DOJ’s investigation will be to mitigate risks. One of the main problems seems to be that thousands of government contractors, who provide technological support to government agencies, need to be brought up to cybersecurity standards such as making “strong” passwords a requirement – something most websites and email servers these days already feature.
----
Until Next Time,
The information has been obtained from sources considered reliable but we do not guarantee that the foregoing material is accurate or complete. Any opinions are those of Serving Those Who Serve writers and not necessarily those of RJFS or Raymond James. Any information is not a complete summary or statement of all available data necessary for making an investment decision and does not constitute a recommendation. Investing involves risk and you may incur a profit or loss regardless of strategy suggested. Every investor’s situation is unique and you should consider your investment goals, risk tolerance, and time horizon before making any investment or financial decision. Prior to making an investment decision, please consult with your financial advisor about your individual situation. While we are familiar with the tax provisions of the issues presented herein, as Financial Advisors of RJFS, we are not qualified to render advice on tax or legal matters. You should discuss tax or legal matters with the appropriate professional. **