A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday.
Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday.
Nadler said three hostile actors had breached the Public Access to Court Electronic Records and Case Management/Electronic Case File (PACER) system, which provides access to documents across the US court system. The document system had suffered a “system security failure,” Nadler said.
The breach, first discovered in March, occurred in early 2020. It could affect pending civil and criminal litigation, Nadler warned.
In a testimony during the hearing, Matthew Olsen, assistant attorney general for the DoJ’s national security division, declined to say whether any cases had been affected by the hack to date. He said the division is “working very closely with the judicial conference and judges around the country to address the issue.”
Congressional lawmakers demanded answers from the Administrative Office of the US Courts (AOUSC). Senator Ron Wyden (D-OR) wrote it a letter accusing the judiciary of failing to modernize.
“I write to express serious concerns that the federal judiciary has hidden from the American public and many members of Congress the serious national security consequences of the courts’ failure to protect sensitive data to which they have been entrusted,” the letter said.
The AOUSC had hinted at a breach in January. In a statement promising extra safeguards to protect sensitive court records, it said it was working with the Department of Homeland Security on a security audit of PACER after identifying vulnerabilities that might affect sensitive non-public documents, including sealed filings.
“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” it said.
The AOUSC promised that sensitive court documents would now be stored in a “secure stand-alone computer system” and not uploaded to the public document management system.