US Marshals Service Breach Exposed Personal Data of 387,000 Prisoners (nextgov.com) 9
An anonymous reader quotes a report from Nextgov: The U.S. Marshals Service suffered a cyberattack that exposed the personal information of approximately 387,000 current and former prisoners at the end of last year, according to an agency official. "The attackers were able to exploit a vulnerability in the system to extract sensitive personally identifiable information on approximately 387,000 individuals," a Marshals Service spokesperson told Nextgov. The spokesperson was referring to a system called DSNet, which is designed to house and transport prisoners within the agency, the federal courts and the Bureau of Prisons. Information extracted included names, addresses, birth dates and Social Security numbers.
Under the Federal Information Security Modernization Act, the data breach qualifies as a "major incident." Justice and Marshals Service alerted the U.S. Computer Emergency Readiness Team, the FBI and Congress, in addition to the affected stakeholders, the spokesperson said, adding "USMS and the JSOC have taken numerous corrective actions to prevent future attacks, including comprehensive code review/correction and testing before returning DSNet to service." The spokesperson said the affected individuals were only now being notified because of the time it took to gather their relevant information and identity and to line up the necessary assistance services. The notification letter advised the affected individuals their identity could be stolen and referred them to resources to freeze their credit and protect themselves from fraud. ZDNet published a copy of the letter the Marshals Service sent to the affected individuals. TechCrunch's Zack Whittaker first reported the breach on Friday,
Under the Federal Information Security Modernization Act, the data breach qualifies as a "major incident." Justice and Marshals Service alerted the U.S. Computer Emergency Readiness Team, the FBI and Congress, in addition to the affected stakeholders, the spokesperson said, adding "USMS and the JSOC have taken numerous corrective actions to prevent future attacks, including comprehensive code review/correction and testing before returning DSNet to service." The spokesperson said the affected individuals were only now being notified because of the time it took to gather their relevant information and identity and to line up the necessary assistance services. The notification letter advised the affected individuals their identity could be stolen and referred them to resources to freeze their credit and protect themselves from fraud. ZDNet published a copy of the letter the Marshals Service sent to the affected individuals. TechCrunch's Zack Whittaker first reported the breach on Friday,
How did it happen? (Score:2)
Re: (Score:2)
"The article didn't say how it happened, but I'll bet it wasn't a buffer overflow."
I suspect Boyd Crowder.
A one armed man did it! (Score:3)
A one armed man did it!
Just do it (Score:2)
Re: (Score:2)
Samuel Gerard
Re: (Score:2)
Low impact (Score:3)
How many of those 387,000 have credit ratings over 500?
Still, their lawyers should all be given money to oversee the necessary credit monitoring services.
Re: (Score:3)
How many of those 387,000 have credit ratings over 500?
Likely quite a few. These are federal prisoners, so financial crimes, tax evasion, insider trading, money laundering, interstate drug-trafficking. Many of these people are financially sophisticated and pay their bills on time.
The small-time crooks are in state prisons.
Re: (Score:3)
It's not clear if that would increase or decrease your credit worthiness.