FOLLOW US

Bench Signals

• Federal courts confirm “escalated” cyberattacks against CM/ECF and PACER; security tightened nationwide.United States Courts
• New York’s federal courts shift sealed criminal filings off CM/ECF amid breach fallout; other districts issue similar directives.
• Hill testimony labeled CM/ECF and PACER “unsustainable due to cyber risks,” warning that compromised data could threaten investigations and public trust.House Documents

By Samuel Lopez – USA Herald

A sweeping cyberattack on the federal judiciary’s electronic filing infrastructure has jolted court administrators, prosecutors, and defense counsel across the country—and intensified questions about whether this was merely an external intrusion or a Trojan-horse style breach aided by stolen credentials or an insider.

The Administrative Office of the U.S. Courts (AO) said it is “taking additional steps to strengthen protections for sensitive case documents in response to recent escalated cyberattacks of a sophisticated and persistent nature”against its case management systems, including CM/ECF and PACER. United States Courts

Why this matters now

The breach, first brought to light in early August reporting, is believed to have touched courts in multiple states and exposed sealed materials—exactly the kind of non-public information that can upend prosecutions, tip off targets, or endanger cooperators if it’s altered or leaked. Policymakers were quietly briefed in late July; follow-up classified briefings are planned.

On Tuesday, additional reporting indicated investigators have developed evidence suggesting Russia is at least partly responsible—while stressing the full scope and authorship remain under investigation. In the wake of those findings, the Eastern District of New York directed that sealed materials in criminal matters not be filed through CM/ECF and use a separate, non-public pathway; other courts have issued similar changes or reverted to paper for sealed filings.

The attack surface: aging systems under strain

Long-standing warnings about the judiciary’s legacy technology now read like prophecy. In June testimony to the House Judiciary Subcommittee, Judge Michael Y. Scudder—who chairs the Judicial Conference’s Committee on Information Technology—told lawmakers that the judiciary “continues to face unrelenting security threats of extraordinary gravity” and confirmed that CM/ECF and PACER are “outdated, unsustainable due to cyber risks, and require replacement.” He added that court defenses blocked “approximately 200 million harmful events” in FY 2024. House Documents

The AO’s public statement strikes a similar tone: while most court filings are public by design, a subset contains sealed indictments, search warrants, cooperator information, and other confidential records that are prime targets for a wide range of threat actors. The judiciary says it is working with DOJ, DHS/CISA, and Congress while tightening controls around sensitive filings. United States Courts