Lawmakers on the Hill revealed last week that a cyber-attack on the US justice system had compromised a public document management system. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the discovery at a hearing on oversight in the Justice Department.
Nadler disclosed that three hostile actors had breached the Public Access to Court Electronic Records and Case Management/Electronic Case File (PACER) system, which provides access to documents across the US court system. Nadler said that the document had suffered a “system security failure.”
First discovered in March, the breach occurred in early 2020. Nadler warned that the breach could affect pending civil and criminal litigation.
In a testimony during the hearing, the assistant attorney general for the DoJ’s national security division, Matthew Olsen, did not say whether any cases had been affected by the hack to date. Olsen noted that the division is “working very closely with the judicial conference and judges around the country to address the issue.”
Congressional lawmakers demanded answers from the Administrative Office of the US Courts (AOUSC). A letter was written by Senator Ron Wyden (D-OR) accusing the judiciary of failing to modernise.
The letter said, “I write to express serious concerns that the federal judiciary has hidden from the American public and many members of Congress the serious national security consequences of the courts’ failure to protect sensitive data to which they have been entrusted.”
The AOUSC has been hinting at a breach since January. In a statement promising extra safeguards to protect sensitive court records, it said that it was working with the Department of Homeland Security on a security audit of PACER after identifying vulnerabilities that might affect sensitive non-public documents.
It said, “an apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation.”
The AOUSC promised that sensitive court documents would now be stored in a “secure stand-alone computer system” and not uploaded to the public document management system.