The federal judiciary’s electronic case filing system has been breached in a major cyberattack that may have exposed sensitive court records in several U.S. states, according to two individuals familiar with the matter.
The intrusion, which had not been publicly disclosed until now, is believed to have compromised the identities of confidential informants involved in criminal proceedings across various federal district courts. Both sources, who requested anonymity due to the sensitive nature of the issue, shared details of the breach.
The Administrative Office of the U.S. Courts, which oversees the federal court filing system, first recognized the severity of the breach around July 4, one source said. However, the office, along with the Justice Department and numerous district courts nationwide, is still assessing the full scope of the damage.
It remains unclear who was behind the breach, though it is suspected to be the work of state-sponsored hackers or organized cybercriminal groups. The Administrative Office declined to comment, and the FBI referred inquiries to the Justice Department, which has not responded.
The breach affects the judiciary’s central case management system, particularly the Case Management/Electronic Case Files (CM/ECF) system and PACER, the public access platform. These systems contain sensitive documents, including sealed indictments, arrest and search warrants, and information about cooperating witnesses—data that could be exploited by criminals or foreign actors.
Federal court leaders in the 8th Circuit, covering states such as Iowa, Missouri, and Minnesota, were briefed on the breach at a recent judicial conference in Kansas City. While it’s unclear who led the briefing, Judge Robert J. Conrad Jr., Director of the Administrative Office, was present. Supreme Court Justice Brett Kavanaugh also attended but did not comment on the incident.
This breach highlights growing concerns about the vulnerability of the federal court’s digital infrastructure. Judge Michael Scudder, chair of the courts’ tech committee, told Congress in June that the CM/ECF and PACER systems are outdated and pose significant cybersecurity risks. He stressed the urgent need to replace them, noting the judiciary is constantly targeted by serious cyber threats.
This incident follows a previous hack of the court system dating back to 2020, involving three foreign groups, according to former House Judiciary Chair Jerry Nadler. Whether the two breaches are related remains unknown.
One source, a veteran of the judiciary, described this as the most serious breach they’ve seen. Another source said that court dockets were altered in at least one district, though the first source couldn’t confirm such tampering but said it’s possible.
Fortunately, the most highly protected witnesses—those whose identities are kept in separate Justice Department systems—do not appear to have been exposed in this breach.
Scudder told lawmakers that modernizing the court’s case management systems is a “top priority,” but acknowledged that replacing them would require a gradual, phased rollout. He emphasized that CM/ECF and PACER are critical to the courts’ daily operations.
Source: POLITICO
Welcome to the Forum!
Our forum is brand new, and you’re among the first to join! 🎉
Feel free to start a conversation, ask a question, or share your thoughts. Your voice can help shape this community from the ground up!