A U.S. federal court filing system has experienced a security breach after suspected nation-state actors potentially accessed highly sensitive non-public case documents.
According to the Administrative Office of the U.S. Courts, which manages the impacted filing system, the cyber attack occurred around July 4.
It impacted the Case Management/Electronic Case Files (CM/ECF), which enables legal professionals to upload and manage court documents, and PACER, a system that provides limited public access to case files.
Federal court system security breach leaks sensitive information
The Administrative Office of the U.S. Courts and the Department of Justice are investigating the security breach.
While the leaked information has yet to be disclosed, the security breach may have leaked information about witnesses and defendants, including non-public sealed indictments, alleged crimes, and search and arrest warrants.
Consequently, witnesses and defendants who are cooperating with law enforcement could be at risk of physical harm. The security breach could also compromise ongoing investigations and allow current and future defendants to evade justice.
However, the security breach did not affect the “most highly protected federal court witnesses” as their details were stored in a separate filing system that was not impacted.
Nevertheless, an anonymous source told Politico, the news outlet that first reported the data leak, that the security breach resulted in about a dozen court dockets being illegally altered.
Politico also reported that the chief judges of the U.S. federal court of the 8th District were briefed about the security breach. The 8th District spans across Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota, and South Dakota.
U.S. Supreme Court Justice Brett Kavanaugh also attended the briefing, which was facilitated by Judge Robert J. Conrad, Jr., the Director of the Administrative Office of the U.S. Courts. Senate and House Judiciary Committees and Sub-committees were also briefed, according to one of the two sources who spoke to Politico on the condition of anonymity.
Meanwhile, this is hardly the first time that threat actors have breached the U.S. federal court system. Between 2020 and 2022, the federal court system experienced numerous cyber attacks by potentially unaffiliated and nation-state threat actors that leaked troves of sensitive information.
“The federal government remains one of the most valuable and persistent targets for cyber adversaries, foreign and domestic,” warned Ryan Sherstobitoff, Chief Threat Intelligence Officer. “So while news of another federal system compromise may not be surprising, it is no less alarming.”
Outdated federal court systems expose the Judiciary to cyber attacks
For far too long, the Department of Justice’s information technology systems have been described as antiquated and requiring urgent modernization.
“Judges and other experts have long warned Congress that the federal judiciary’s outdated electronic systems are vulnerable to exactly this kind of breach,” said Maryland’s Democratic House Judiciary Committee Ranking Member Jamie Raskin.
In early 2025, U.S. Circuit Judge Amy St. Eve also warned that years of underinvestment in cybersecurity had left the Judiciary vulnerable to cyber attacks.
In June 2025, U.S. Circuit Judge Michael Scudder also testified that the judiciary’s systems were “outdated, unsustainable due to cyber risks, and require replacement.”
“It’s reassuring to see the Chair of the Committee on Information Technology for federal courts call for modernization of the department’s cybersecurity defenses,” said Nick Tausek, Lead Security Automation Architect at Swimlane. “The sooner these measures are implemented, the better.
“Additionally, proactive security measures should be incorporated into the federal courts systems’ defenses in order to mitigate future attacks that will inevitably be inspired by the success of this one.”
Cyber attacks prompt U.S. courts to implement additional security measures
Meanwhile, the Administrative Office of the U.S. Courts is implementing additional security measures in response to cyber attacks plaguing the U.S. federal court system.
“The federal Judiciary is taking additional steps to strengthen protections for sensitive case documents in response to recent escalated cyberattacks of a sophisticated and persistent nature on its case management system,” the Judiciary stated.
In 2021, the Administrative Office announced similar measures in response to a cyber attack. That year, the Case Management/Electronic Case Files system (CM/ECF) was compromised via the SolarWinds supply chain attacks.
The Administrative Office is working with the U.S. courts to protect the impacted individuals. It is also liaising with Congress, the Department of Justice, the Department of Homeland Security, the executive branch, and other partners to mitigate the impacts of the cyber attacks.
Meanwhile, it remains unclear how the threat actors gained access to the federal court filing system. However, one anonymous source stated that the security breach had the hallmarks of the 2020 hack that exploited system vulnerabilities.
Chief Justice John Roberts had also previously assessed that unaffiliated hackers and state-sponsored threat actors were determined to steal information from U.S. courts for nefarious private and geopolitical purposes.
“Attacks on judicial systems sit at the intersection of espionage and influence,” Sherstobitoff continued. “Should this data be selectively exposed or misused, it may serve broader strategic interests, both for adversarial intelligence agencies and for fueling domestic distrust.”
While the identity of the threat actor remains unknown or undetermined, a July 2022 judiciary hack involved three hostile foreign actors, according to an investigation by the Department of Justice.
“What’s especially concerning is how little is still known about the attack, including the method of entry, the actors behind it, and the full scope of the breach,” added Tausek. “While investigations are still underway, the limited visibility may point to the involvement of a highly sophisticated threat actor, gaps in cybersecurity measures, or a combination of both.”

