U.S. Marshals Service data breach leaves 387,000 prisoners vulnerable

The U.S. Marshals Service (USMS) has started notifying 387,000 former and current inmates of a security breach that may have compromised their personal identifiable information. According to USMS officials, the incident occurred in December 2019, when a bad actor infiltrated the DSNet system, a platform that aids “the movement and housing of USMS prisoners with the federal courts, Bureau of Prisons, and within the agency.” The attacked exploited a vulnerability in the system to steal information on inmates, including names, dates of birth, social security numbers, and home addresses. In a copy of the breach notification letter obtained by ZDNet, the Prisoner Operations Division of USMS, provides additional information on the incident: “On December 30, 2019, the United States Marshals Service (USMS) Information Technology Division (ITD) received notification from the Department of Justice, Security Operations Center (JSOC) of a security breach affecting a public-facing USMS server that houses information pertaining to current and former USMS prisoners,” the letter reads. “You have been identified as an individual whose personally identifiable information (PII) may have been compromised as a result of this breach.”

Source: Security Boulevard