Just a few days after administrators announced that the “federal Judiciary is taking additional steps to strengthen protections for sensitive case documents in response to recent escalated cyberattacks,” the New York Times reports investigators have found evidence Russia is “at least partially responsible” for a recent hack. Politico reported on the breach last week, saying it was “believed to have exposed sensitive court data across multiple U.S. states” and that while the system’s managers had been aware of its impact since around July 4th, they are still trying to figure out its full extent.

Searches by the attackers reportedly included cases “involving people with Russian and Eastern European surnames,” and may have compromised sealed records that weren’t publicly available.

After the SolarWinds breach in 2021, new procedures called for highly sensitive documents to be filed using paper or a secure electronic device, and not uploaded to CM/ECF. In 2022, the DOJ reportedly informed the judiciary of another ongoing breach.

According to the Times, district court chief judges were warned last month to keep cases with documents “related to criminal activity with an overseas tie” off the usual document management system for federal cases. That system is made up of the Case Management/Electronic Case Files (CM/ECF) system, where files are uploaded and managed, and PACER, a database that’s available to the public. The Times points to an order issued Friday by Eastern District of New York chief judge Margo Brodie, saying that, until further notice, “criminal cases and in cases related to criminal investigations are prohibited from being filed in CM/ECF,” and are instead to be uploaded to a separate system that doesn’t connect to PACER.

Last week’s notice from the Administrative Office of the U.S. Courts said:

The vast majority of documents filed with the Judiciary’s electronic case management system are not confidential and indeed are readily available to the public, which is fundamental to an open and transparent judicial system. However, some filings contain confidential or proprietary information that are sealed from public view.

These sensitive documents can be targets of interest to a range of threat actors. To better protect them, courts have been implementing more rigorous procedures to restrict access to sensitive documents under carefully controlled and monitored circumstances.
