The US Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that impacted what it describes as “a standalone USMS system”.

The USMS is an office of the Department of Justice that provides support to all elements of the federal justice system by enforcing federal court orders, seizing illegally obtained assets, providing security for government witnesses and their families, etc

The federal law enforcement agency told NBC, which reported for the first time the story, that the stolen data included personally identifiable employee information.

Spokesperson Drew Wade said the USMS discovered the “ransomware and data exfiltration event affecting an autonomous USMS system” on February 17.

“The affected system contains sensitive law enforcement information, including court process returns, administrative information, and personally identifiable information about USMS investigation subjects, third parties, and certain USMS employees. USMS,” Wade added.

The compromised system is now disconnected from the USMS network, and the attack is currently under active investigation as a “major incident.”

According to sources familiar with the incident, the attackers did not gain access to the USMS Witness Security Records Information System database (aka WITSEC or the Witness Protection Program).

A USMS spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for further details regarding the incident.

The personal information of 387,000 prisoners stolen in 2020

This follows another data breach disclosed in May 2020 after the US Marshals Service exposed details of more than 387,000 former and current detainees in a December 2019 incident, including their names, dates of birth, home addresses and social security numbers.

The security flaw was discovered after one of the USMS’s public servers, which is part of a system called DSNet that helps facilitate the housing and movement of prisoners, was compromised.

In addition, the United States Federal Bureau of Investigation (FBI) has also disclosed a cybersecurity incident two weeks ago.

The FBI is currently investigating malicious cyber activity on the agency’s network that was part of an “isolated incident” that has now been brought under control.

“This is an isolated incident that has been contained. As this is an ongoing investigation, the FBI has no further comment at this time,” a spokesperson said. at BleepingComputer at the time.