Data allegedly stolen in US Marshals Service ransomware attack on sale

The U.S. Marshals Service is having a database purported to be stolen from its servers sold on a Russian-speaking cybercrime forum, according to BleepingComputer. Such a database, which is being sold for $150,000, is claimed to contain 350GB of documents from work computers and file servers between 2021 and February 2023, including photos of high-security areas like military bases, passport and identification document copies, citizen wiretapping and surveillance information, and aerial footage, as well as details on cartels, gang leaders, and convicts. Information regarding witness protection program participants was also included in the database, according to the threat actor. USMS has not yet confirmed the veracity of the threat actor's claims but USMS spokesperson Drew Wade noted that employees' personally identifiable information had been compromised in the incident. "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," said Wade.