US Marshals says prisoners' personal information taken in data breach

Zack Whittaker
WASHINGTON, DC - DECEMBER 09: The Justice Department building on a foggy morning on December 9, 2019 in Washington, DC. It is expected that the Justice Department Inspector General will release his report on the investigation into the Justice and FBIs conduct during the FISA warrant process as it relates to the 2016 election today.(Photo by Samuel Corum/Getty Images)

A data breach at the U.S. Marshals Service exposed the personal information of current and former prisoners, TechCrunch has learned.

A letter sent to those affected, and obtained by TechCrunch, said the Justice Department notified the U.S. Marshals on December 30, 2019 of a data breach affecting a public-facing server storing personal information on current and former prisoners in its custody. The letter said the breach may have included their name, address, date of birth and Social Security number, which can be used for identity fraud.

As the law enforcement arm of the federal courts, U.S. Marshals are tasked with capturing fugitives and serving federal arrest warrants. Last year, U.S. Marshals arrested more than 90,000 fugitives and served over 105,000 warrants.

U.S. Marshals spokesperson Drew Wade told TechCrunch that some 387,000 individuals are affected by the breach.

"A new cyber security monitoring tool alerted the Justice Security Operations Center to an attempted attack on a USMS system called DSNet, a system designed to facilitate the movement and housing of USMS prisoners with the federal courts, Bureau of Prisons, and within the agency," said Wade. "DSNet was built in 2005 by the Office of the Federal Detention Trustee and was brought into USMS when the two organizations merged in 2012."

It's the latest federal government security lapse in recent weeks.

The Defense Information Systems Agency, a Dept. of Defense division charged with providing technology and communications support to the U.S. government — including the president and other senior officials — said a data breach between May and July 2019 resulted in the theft of employees' personal information.

Last month, the Small Business Administration admitted that 8,000 applicants, who applied for an emergency loan after facing financial difficulties because of the coronavirus pandemic, had their data exposed.

Updated with statement from the U.S. Marshals.

US defense agency says personal data ‘compromised’ in 2019 data breach