U.S. Marshals Service Reveals It Suffered a Significant Data Breach
The U.S. Marshals Service (USMS), America's oldest law enforcement agency, was targeted by ransomware hackers earlier this month. The breach affected a stand-alone USMS system, leading to the exfiltration of sensitive data.
Details about the cybercriminal group responsible for the attack remain unclear, but the incident bears resemblance to the 2021 attack on the D.C. Metropolitan Police Department by the Babuk Locker ransomware gang.
The digital systems of the USMS carry a significant amount of information related to legal cases and federal investigations. In this instance, dossiers on current and former police officers, intelligence reports related to the January 6 incident, and other sensitive information were stolen.
The Justice Department is conducting a probe into the attack, characterizing it as a "major" incident. The stolen data does not include information related to the Witness Protection program. However, the chances that the USMS's data stays off the dark web do not look particularly good at the moment.
It is unusual for ransomware gangs to steal data from high-profile targets and then stay quiet about it. The USMS has not revealed whether a ransom note was left, nor has it identified the cybercriminal gang behind the data breach.
The USMS is the law enforcement wing of America's federal judiciary, reporting to the Attorney General's Office. In a statement shared with the press, the USMS acknowledged the incident and gave assurances that it is taking the necessary steps to address the situation.
The U.S. Department of Justice seized Bitcoin assets linked to the Chaos ransomware group in 2025, underscoring the group's notoriety and the government's response efforts. While details about other groups like Medusa exist, none are reported as responsible for this particular attack on the USMS.
Gizmodo reached out to the U.S. Marshals Service for additional information and will update this story if they respond. The incident serves as a reminder of the ongoing threats posed by cybercriminals and the importance of robust cybersecurity measures in protecting sensitive data.
- The ransomware attack on the U.S. Marshals Service (USMS) this month has highlighted the critical role of cybersecurity in safeguarding crime-and-justice information.
- It is unusual for ransomware groups to steal data from high-profile targets and remain silent about it, and the cybercriminal gang behind the USMS data breach remains unidentified.
- Despite the exfiltration of sensitive data belonging to police officers, intelligence reports, and other confidential material, the stolen data does not encompass information related to the Witness Protection program.
- Technology professionals and security analysts are keeping a close eye on the potential dissemination of USMS's stolen data across the dark web, raising concerns about the data's future vulnerability.