A significant cyber intrusion has compromised the electronic case filing system used by the U.S. federal judiciary, exposing sensitive court data across multiple states. This hack, which was not previously reported, is feared to have revealed the identities of confidential informants in criminal cases at several federal district courts. The breach affects the Case Management/Electronic Case Files (CM/ECF) system and its public-facing component, PACER, which legal professionals and the public use to access court records. The incident underscores a critical vulnerability in a system that holds a vast amount of sensitive information, from sealed indictments to search warrants, all of which could be of interest to foreign governments or criminal organizations.
The Extent of the Damage
The full scope of the cyberattack is still under investigation by the Administrative Office of the U.S. Courts, the Justice Department, and individual district courts. While it is not yet clear who is responsible, it is widely suspected that nation-state-affiliated actors or criminal organizations were involved. The breach was discovered around July 4, and since then, efforts have been made to assess the damage. While the most highly protected federal witnesses are reportedly held on a separate Justice Department system, the hack has raised serious concerns about the safety of other confidential information. In one court district, for example, roughly a dozen court dockets were reportedly tampered with as a result of the incident, though this claim has not been fully verified.
Previous Warnings and Ongoing Concerns
The recent breach is not an isolated incident but rather the latest example of a federal court system struggling to keep pace with evolving cybersecurity threats. Michael Scudder, who chairs the Committee on Information Technology for the federal courts, has previously told the House Judiciary Committee that the CM/ECF and PACER systems are “outdated, unsustainable due to cyber risks, and require replacement.” He also noted that the judiciary faces “unrelenting security threats of extraordinary gravity” because of the sensitive nature of the information it handles. This isn’t the first time the system has been targeted; in July 2022, the Justice Department was investigating another hack involving three foreign groups that dated back to early 2020, and it is unclear if the two incidents are connected
Reference:
