Congress Warns of US Court Records System Breach

Security

A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday.

Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday.

Nadler said three hostile actors had breached the Public Access to Court Electronic Records and Case Management/Electronic Case File (PACER) system, which provides access to documents across the US court system. The document system had suffered a “system security failure,” Nadler said.

The breach, first discovered in March, occurred in early 2020. It could affect pending civil and criminal litigation, Nadler warned.

In a testimony during the hearing, Matthew Olsen, assistant attorney general for the DoJ’s national security division, declined to say whether any cases had been affected by the hack to date. He said the division is “working very closely with the judicial conference and judges around the country to address the issue.”

Congressional lawmakers demanded answers from the Administrative Office of the US Courts (AOUSC). Senator Ron Wyden (D-OR) wrote it a letter accusing the judiciary of failing to modernize.

“I write to express serious concerns that the federal judiciary has hidden from the American public and many members of Congress the serious national security consequences of the courts’ failure to protect sensitive data to which they have been entrusted,” the letter said.

The AOUSC had hinted at a breach in January. In a statement promising extra safeguards to protect sensitive court records, it said it was working with the Department of Homeland Security on a security audit of PACER after identifying vulnerabilities that might affect sensitive non-public documents, including sealed filings.

“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” it said.

The AOUSC promised that sensitive court documents would now be stored in a “secure stand-alone computer system” and not uploaded to the public document management system.

Products You May Like

Articles You May Like

Panaseer Launches Guidance on Security Controls Ahead of EU’s New Legislation
New RansomExx Ransomware Variant Rewritten in the Rust Programming Language
Remote Code Execution Vulnerability Found in Windows Internet Key Exchange
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
RansomBoggs: New ransomware targeting Ukraine

Leave a Reply

Your email address will not be published. Required fields are marked *