UPDATED 20:29 EDT / FEBRUARY 28 2023

SECURITY

Sensitive data stolen in ransomware attack on US Marshals Service

The U.S. Marshals Service was hacked in a ransomware attack earlier this month, resulting in the theft of sensitive data.

NBC News was the first to report the hack Monday, quoting a Marshals Service spokesperson saying that the ransomware attack “affected system containing law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”

The spokesperson confirmed that the attack involved ransomware and data exfiltration but did not name the form of ransomware. The affected system was disconnected from the USMS system, and the Justice Department began a forensic investigation.

A senior law enforcement official told NBC that the ransomware attack did not breach the Witness Security Program database, commonly known as the witness protection program. However, the breach is described as a “major incident” and did involve investigative information relating to subjects of ongoing USMS investigations.

Founded in 1789, the U.S. Marshals Service is the oldest ongoing law enforcement agency in the U.S. Residing in the Department of Justice, the service operates as the enforcement arm of the U.S. federal courts to ensure the effective operation of the judiciary and the integrity of the Constitution.

“Based on the information we do have, the information stolen has the potential to compromise ongoing investigations including witnesses and informants, put USMS employees in danger and disrupt time-sensitive operations while the USMS recovers,” Darren Guccione, co-founder and chief executive at security software provider Keeper Security Inc., told SiliconANGLE. “Another major ramification is the impact on public trust and confidence in the U.S. Marshals Service, an agency that is charged with everything from transporting detainees to protecting witnesses.”

Nick Tausek, lead security automation architect at low-code security automation company Swimlane Inc., noted the language used to describe the attack. “According to U.S. policy, ‘major incidents’ are regarded as ‘significant cyber incidents’ that have the potential to do tangible harm to the economy, national security or civil liberties of the United States, as well as to public trust and safety.”

Dr. Ilia Kolochenko, founder of information technology security company ImmuniWeb SA and member of the Europol Data Protection Experts Network, said the incident deserves an urgent investigation to identify precisely the actual scope of the breach and to understand what data has actually been stolen.

“If sensitive information from the witness protection program and other ultra-sensitive federal databases has been indeed compromised, many innocent people may be murdered by acolytes of mafia kingpins and members of drug cartels,” Kolochenko explained. “Worse, such incidents irreparably erode people’s trust toward the government and its ability to protect law-abiding citizens and those who decided to cooperate with authorities.”

Photo: Office of Public Affairs/Flickr
