Ransomware attack on US Marshals Service affects ‘law enforcement sensitive information’

(CNN) — A ransomware attack on the U.S. Marshals Service has affected a computer system containing “law enforcement sensitive information,” including personal information belonging to targets of investigations, a U.S. Marshals Service spokesperson said Monday evening.

“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” spokesperson Drew Wade said in a statement.

The Marshals Service, which handles federal prisoners across the United States and pursues fugitives, discovered the hack and theft of data from its network on Feb. 17. The service “disconnected the affected system, and the Department of Justice initiated a forensic investigation,” Wade said in the statement.

The Justice Department subsequently determined it “constitutes a major incident,” according to the statement. A “major incident” is a hack that is significant enough that it requires a federal agency to notify Congress.

A senior official familiar with the matter told CNN that no data related to the Witness Protection Program was obtained during the incident.

The Justice Department’s investigation into the incident is ongoing.

NBC News first reported on the incident.

It’s at least the second significant malicious cyberincident to affect U.S. federal law enforcement agencies in February.

The FBI had to move to contain malicious activity on part of its computer network earlier this month, CNN first reported at the time. FBI officials believe that incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.

There was no immediate indication that the U.S. Marshals Service and FBI cyberincidents were related.