US Marshals says prisoners’ personal information taken in data breach

A data breach at the U.S. Marshals Service exposed the personal information of current and former prisoners, TechCrunch has learned.

A letter sent to those affected, and obtained by TechCrunch, said the Justice Department notified the U.S. Marshals on December 30, 2019 of a data breach affecting a public-facing server storing personal information on current and former prisoners in its custody. The letter said the breach may have included their name, address, date of birth and Social Security number, which can be used for identity fraud.

As the law enforcement arm of the federal courts, U.S. Marshals are tasked with capturing fugitives and serving federal arrest warrants. Last year, U.S. Marshals arrested more than 90,000 fugitives and served over 105,000 warrants.

U.S. Marshals spokesperson Drew Wade told TechCrunch that some 387,000 individuals are affected by the breach.

“A new cyber security monitoring tool alerted the Justice Security Operations Center to an attempted attack on a USMS system called DSNet, a system designed to facilitate the movement and housing of USMS prisoners with the federal courts, Bureau of Prisons, and within the agency,” said Wade. “DSNet was built in 2005 by the Office of the Federal Detention Trustee and was brought into USMS when the two organizations merged in 2012.”

It’s the latest federal government security lapse in recent weeks.

The Defense Information Systems Agency, a Dept. of Defense division charged with providing technology and communications support to the U.S. government — including the president and other senior officials — said a data breach between May and July 2019 resulted in the theft of employees’ personal information.

Last month, the Small Business Administration admitted that 8,000 applicants, who applied for an emergency loan after facing financial difficulties because of the coronavirus pandemic, had their data exposed.

Updated with statement from the U.S. Marshals.