US Marshals Service exposed prisoner details in security breach

UPDATE: More than 387,000 former and current inmates had data exposed in a December 2019 incident.

USMS US Marshals Service

The US Marshals Service (USMS) has suffered a security lapse last year and is currently notifying more than 387,000 inmates that might had their personal details stolen in the incident.

According to breach notification letters sent this month, the USMS said the incident came to light on December 30, 2019, when the USMS Information Technology Division (ITD) received an alert from the Department of Justice Security Operations Center (JSOC) about a breach of a public-facing USMS server.

"A new cyber security monitoring tool alerted the Justice Security Operations Center to an attempted attack on a USMS system called DSNet, a system designed to facilitate the movement and housing of USMS prisoners with the federal courts, Bureau of Prisons, and within the agency," a USMS spokesperson told ZDNet in an email.

"DSNet was built in 2005 by the Office of the Federal Detention Trustee and was brought into USMS when the two organizations merged in 2012," the USMS added.

The agency said a hacker breached DSNet by exploiting a vulnerability and then extracted information on current and former USMS prisoners from the system. Per the USMS, DSNet stored data such as names, dates of birth, social security numbers, and home addresses.

The USMS said that JSOC has taken "numerous corrective actions to prevent future attacks, including comprehensive code review/correction and testing before returning DSNet to service."

The agency is now notifying all impacted current and former inmates. ZDNet has obtained a copy of the letter, embedded below.

letter.jpg

Image supplied by source

The leak has exposed the personal details of both US citizens arrested for serious crimes who are now serving long prison sentences, but also Americans detained for short periods of time, without a case being brought against them.

A class-action lawsuit is currently being considered.

TechCrunch independently reported on the USMS breach earlier today as well.

Article updated on May 11, 6:50pm ET, with additional information from the USMS.