The electronic case filing system (CM/ECF) of the United States federal courts recently fell victim to a large-scale hacker attack, affecting federal district courts in multiple states and potentially leading to the exposure of sensitive court documents, triggering a crisis in judiciary and national security.
According to a report from the U.S. political news website “Politico” on the 6th of August, two informed sources disclosed that the Administrative Office of the United States Courts (AOUSC) detected this cybersecurity incident around the 4th of July. The office, responsible for the management of the national court filing system, is currently collaborating with the Department of Justice and various local courts to investigate the extent and impact of the breach.
Reports indicate that the identity of the hackers has not been confirmed, but there are initial suspicions linking them to hacker groups or criminal organizations supported by specific countries. The attack targeted the core case management systems of the federal courts, including CM/ECF (case management and electronic case filing system) and PACER (Public Access to Court Electronic Records).
These systems store vast amounts of confidential information, such as informant details, the identities of defendants cooperating with law enforcement, sealed indictments, undisclosed charges, arrests and search warrants. If exposed, this could potentially become a tool for criminals to evade pursuit.
The Chief Judge of the Eighth Circuit Court of Appeals, covering Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota, and South Dakota, received a briefing on the hacking incident at a judicial conference held in Kansas City last week. Judge Robert J. Conrad, Jr., Director of the Administrative Office of the U.S. Courts, and Supreme Court Justice Brett Kavanaugh were also present at the meeting but did not comment on the matter.
Court cybersecurity issues have drawn attention before. Michael Scudder, Chairman of the Federal Courts Information Technology Committee, testified before Congress in June this year stating that the CM/ECF and PACER systems are “outdated and difficult to maintain, posing high cybersecurity risks and urgently requiring upgrades.” He emphasized that the judicial system heavily relies on these systems daily but is facing “extremely serious security threats.”
Scudder stressed that updating these two major systems has become a top priority for the courts, yet due to being the “core backbone” of daily operations, the upgrade process needs to be carefully managed and implemented step by step.
As early as July 2022, the U.S. Department of Justice investigated a similar federal court system hacking incident. Former House Judiciary Committee Chairman Jerrold Nadler revealed at that time that the attack could be traced back to 2020 and involved three foreign hacker groups. Currently, there is no evidence indicating a direct link between that incident and this recent attack.