The United States Marshals Service announced a data breach involving the personal information of its former and current prisoners.

In a data breach notification letter obtained by ZDNet, the U.S. Marshals Service revealed that it had first learned of the security incident in late 2019.

A redacted copy of the data breach notification letter. (Source: ZDNet)

On December 30, 2019, the United States Marshals Service (USMS), Information Technology Division (ITD) received notification from the Department of Justice Security Operations Center (JSOC) of a security breach affecting a public-facing USMS server that houses information pertaining to current and former USMS prisoners. You have been identified as an individual whose personally identifiable information (PII) may have been compromised as a result of this breach.

That PII might have included prisoners’ dates of birth, Social Security Numbers and physical addresses, the data breach letter noted.

Even so, it’s unclear from the letter how digital attackers breached the USMS server, what kind of server it was and how many prisoners were victims in this security incident.

ZDNet confirmed the authenticity of the letter with other sources who have received similar notices.

This security incident wasn’t the first of its kind announced by the U.S. federal government in 2020. Back in February, for instance, the U.S. Department of Defense (DoD) warned that a data breach at the Defense Information Systems Agency (DISA) might have compromised some individuals’ personal information.

In the wrong hands, malicious actors could abuse PII to commit identity theft and then to launch secondary attacks. It’s therefore important for users and organizations alike to protect their personally identifiable information. That’s why the U.S. Department of Justice instructed victims of the USMS data breach to consider placing a security freeze on their credit files.

Concerned individuals shouldn’t stop (Read more...)