The US Marshals Service (USMS) has suffered a security lapse last year and is currently notifying inmates that some of their personal details might have been exposed online.
According to breach notification letters sent this month, the USMS said the incident came to light on December 30, 2019, when the USMS Information Technology Division (1TD) received an alert from the Department of Justice Security Operations Center (JSOC) about a breach of a public-facing USMS server.
The USMS said the hacked server housed information on current and former USMS prisoners, including data such as names, dates of birth, social security numbers, and home addresses.
ZDNet has received this week a copy of the USMS notification letter, and have confirmed its authenticity with other users who received similar notifications.
Image supplied by source
A USMS spokesperson took ZDNet‘s call on the breach earlier today but has not returned a formal request for comment before this article’s publication.
It currently remains unclear how many current or former inmates had their data exposed, what kind of server was breached, the nature of the breach, or if the intrusion also impacted the USMS’ internal IT systems.
The leak has exposed the personal details of both US citizens arrested for serious crimes who are now serving long prison sentences, but also Americans detained for short periods of time, without a case being brought against them.
A class-action lawsuit is currently being considered.
TechCrunch first reported on the USMS breach earlier today.
@WhiteHouse Just wondering why you have not shared with the public, the intelligence breach at U.S. Marshalls’ ((USMS). I am calling all Felons since 2007 to join a class action suit, please go now to before it is too late…wtcfoundationinc,godaddysites. com
— https://www.wtcfoundationinc.godaddysites.com (@welbythomascox) May 7, 2020
@USMarshalsHQ what is up with these letters formerly incarcerated people are receiving from USMS Prisoner Ops Branch? These folks already know there was a data breach in Dec but the URL at the top seems scammy. Thank you. pic.twitter.com/9WlLw96s9m
— BarenMater (@BarenMater) May 6, 2020