Digital Privacy Industry News

Data Breach at U.S. Marshals Service Exposes Personal Data of 387,000 Prisoners

The U.S. Marshals Service (USMS) has started notifying 387,000 former and current inmates of a security breach that may have compromised their personal identifiable information.

According to USMS officials, the incident occurred in December 2019, when a bad actor infiltrated the DSNet system, a platform that aids “the movement and housing of USMS prisoners with the federal courts, Bureau of Prisons, and within the agency.”

The attacked exploited a vulnerability in the system to steal information on inmates, including names, dates of birth, social security numbers, and home addresses.

In a copy of the breach notification letter obtained by ZDNet, the Prisoner Operations Division of USMS, provides additional information on the incident:

“On December 30, 2019, the United States Marshals Service (USMS) Information Technology Division (ITD) received notification from the Department of Justice, Security Operations Center (JSOC) of a security breach affecting a public-facing USMS server that houses information pertaining to current and former USMS prisoners,” the letter reads.“You have been identified as an individual whose personally identifiable information (PII) may have been compromised as a result of this breach.”

The notice also warns individuals about the risks of identity theft, and recommends they complete a Federal Trade Commission ID Threat Affidavit that will notify any existing creditors about the compromised data.

Additionally, inmates should consider signing up for a credit freeze or fraud alert with an existing credit-reporting agency that may assist with limiting future damages.

While the USMS and DOJ claim to have taken “numerous corrective actions to prevent future attacks, including comprehensive code review/correction and testing before returning DSNet to service,” the data breach could have serious implications. Many affected individuals are serving long prison sentences, and bad actors could easily profit off the stolen personal information.

Identity theft should not be taken lightly, as millions of U.S. citizens fall victim each year. A bad credit score or loan on your behalf is not the only drawback you can face. It can take years, and additional expense, for victims to restore their identity.

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.