Data Allegedly Stolen From US Marshals Service Ransomware Attack Up for Sale
On a hacking forum in the Russian language, a threat actor is reportedly selling hundreds of gigabytes of data that they claim to have stolen from servers of the US Marshals Service (USMS).
The threat actor is claiming to have 350 GB of confidential law enforcement data from the US Marshal Service. A newly registered account has allegedly posted the offer for sale at a price of $1,50,000.
The data being offered reportedly contains aerial footage and photographs of military installations and other highly secure areas, as well as copies of passports and identification documents. Additionally, it allegedly includes information on wiretapping and surveillance of citizens.
According to the threat actor, the files being sold also contain information on convicts, gang leaders, and cartels. The data is allegedly marked as SECRET or TOP SECRET in some cases.
Drew J. Wade, a spokesperson for USMS, has confirmed that a major ransomware attack took place on February 17th, and that sensitive data was stolen. The stolen data reportedly included returns from legal processes, administrative information, and information pertaining to USMS investigations.
Although the hacker selling the data has claimed that they possess details of individuals under the witness protection program, the US Marshal Service has stated that the threat actor was unable to access this information.
USMS spokesperson Drew Wade has confirmed that the stolen data in this incident, which has been categorized as a “major incident,” contains personally identifiable information of USMS employees.
Sources close to the incident have informed NBC News that the attackers were unable to access the Witness Security Files Information System (WITSEC), also known as the witness protection program, database belonging to USMS.
USMS had reported another data breach in May 2020, where details of over 3,87,000 current and former inmates were exposed. The incident, which took place in December 2019, reportedly disclosed their names, home addresses, dates of birth, and social security numbers.