Incident Overview
Recently, the federal judiciary’s electronic case management system (CM/ECF) was compromised in a large-scale cyberattack. While the Administrative Office of U.S. Courts has publicly acknowledged the incident, its statement did not identify specifically what was accessed or compromised within the system. The judiciary did acknowledge, however, that the hackers appear to have accessed "highly sensitive non-public documents." The New York Times recently reported that an internal Justice Department memo disclosed that "persistent and sophisticated cyber threat actors have recently compromised sealed records."
Federal courts use the case management system for multiple purposes, including to manage all court filings though the Case Management/Electronic Case Files (CM/ECF) system, as well as to provide the public with limited access to court filings through the Public Access to Court Electronic Records (PACER) system. Although its purpose is to make certain legal records available to the public, PACER also contains materials sealed from public view, such as sensitive intellectual property, trade secrets, pricing information, and other confidential filings.
Recent evidence suggests Russian state-linked threat actors may have been involved in the cyberattack. Sensitive PACER records have long been a target for foreign adversaries, and cyberattacks of this scale are not new. Following a 2021 breach, courts began uploading "highly sensitive court documents" (HSDs) to secure stand-alone systems. In the wake of this latest sophisticated cyberattack, some courts have further restricted sealed filings, implemented multi-factor authentication, and even prohibited overseas access to PACER. Those companies and firms that have submitted sealed filings through CM/ECF containing especially sensitive information should evaluate their risk and, if the level of concern warrants it, consider contacting outside counsel to determine what options may be available to address the incident.
Key Recommendations
- CM/ECF and Sensitive Filings
- Review all filings submitted through CM/ECF for sensitive intellectual property, trade secrets, pricing information, or other confidential content.
- When possible, request alternative submission methods such as secure offline delivery, encrypted portals, or sealed hard-copy filings.
- Incident Response & Cyber Preparedness
- Keep your incident response plan current and include court system breach scenarios.
- Maintain cyber insurance that covers legal and regulatory costs, and ensure Smith Anderson or your preferred counsel is listed as counsel on your policy.
- Train staff to identify and escalate suspected cybersecurity incidents quickly.
- If you suspect exposure of court-related data, contact legal counsel immediately to assess obligations, manage communications, and coordinate with authorities.
