US Marshals Service exposed prisoner details in security breach

May 09, 2020

The US Marshals Service (USMS) has suffered a security lapse last year and is currently notifying inmates that some of their personal details might have been exposed online.

According to breach notification letters sent this month, the USMS said the incident came to light on December 30, 2019, when the USMS Information Technology Division (1TD) received an alert from the Department of Justice Security Operations Center (JSOC) about a breach of a public-facing USMS server.

The USMS said the hacked server housed information on current and former USMS prisoners, including data such as names, dates of birth, social security numbers, and home addresses.

ZDNet has received this week a copy of the USMS notification letter, and have confirmed its authenticity with other users who received similar notifications.

A USMS spokesperson took ZDNet‘s call on the breach earlier today but has not returned a formal request for comment before this article’s publication.

It currently remains unclear how many current or former inmates had their data exposed, what kind of server was breached, the nature of the breach, or if the intrusion also impacted the USMS’ internal IT systems.

The leak has exposed the personal details of both US citizens arrested for serious crimes who are now serving long prison sentences, but also Americans detained for short periods of time, without a case being brought against them.

A class-action lawsuit is currently being considered.

TechCrunch first reported on the USMS breach earlier today.