A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from US Marshals Service (USMS) servers.
USMS is an office of the Department of Justice that supports the federal justice system by executing federal court orders, ensuring the safety of government witnesses and their families, seizing illegally obtained assets, and more.
The ad, titled “350 GB of confidential US Marshals Service (USMS) law enforcement information,” was added earlier today using an account registered yesterday afternoon.
According to the seller, the database is selling for $150,000 and contains “documents from file servers and working computers from 2021 to February 2023, without flooding such as exe files and libraries.”
The information includes aerial shots and photos of military bases and other high-security areas, copies of passports and identification documents, and details on wiretapping and citizen surveillance.
The files also contain information on convicts, gang leaders, and cartels. The threat actor also claims that some files are marked as SECRET or VERY SECRET.
The threat actor also claims that the database includes details about witnesses in the witness protection program.
A USMS spokesperson was not available for comment when contacted by BleepingComputer today for a statement on claims that data stolen in last month’s incident is now for sale.
USMS investigates ransomware attack
This comes after the USMS confirmed last month that it is investigating a “data breach event” following a February 17 ransomware attack that affected what it described as “an independent USMS system.”
According to USMS spokesman Drew Wade, the data stolen in this incident, labeled a “major incident,” includes personally identifiable information from USMS employees.
“The affected system contains sensitive law enforcement information, including legal process statements, administrative information, and personally identifiable information related to the subjects of USMS investigations, third parties, and certain USMS employees,” Wade said.
However, sources close to the incident told NBC News that the attackers did not gain access to the USMS Witness Security File Information System (also known as WITSEC or the witness protection program) database.
USMS revealed another data breach in May 2020 after exposing the details of more than 387,000 former and current inmates in a December 2019 incident, including their names, dates of birth, addresses, and social security numbers.
The US Federal Bureau of Investigation (FBI) also disclosed a cybersecurity incident two weeks ago, described as an “isolated incident” that is now contained.