DOJ investigating 2020 cyber breach of online court document filing system

It was announced last year that, among multiple cyberattacks against the government and private organizations, the nation’s online filing system for court documents had been breached.

During a House Judiciary Committee hearing Thursday, it was further revealed by a top Justice Department official that a federal investigation remained ongoing into what that official described as “one of the most significant threats” that has been posed against national security, the Washington Examiner reported.

The breached system in question is known as PACER CM/ECF, which stands for Public Access to Court Electronic Records and Case Management/Electronic Case Files, and though the breach is believed to have occurred in early 2020, it was only in March of this year that Congress was fully informed of the significance of what occurred.

Concerns over the extent of the breach of the online court document filing system

Courthouse News reported that committee Chairman Jerry Nadler (D-NY) pointed out that while the DOJ had acknowledged the PACER system breach with a memo in January 2021, it wasn’t until March 2022 that his committee learned of “the startling breadth and scope of the courts’ document management system security failure.”

“Perhaps even more concerning is the disturbing impact of security breach and on pending civil and criminal litigation,” Nadler said during the hearing, “as well as an ongoing national security or intelligence matters.”

Testifying at that hearing was Matthew Olsen, the assistant attorney general of the DOJ’s National Security Division, but due to the unclassified nature of the hearing, he was unable to answer many of the questions posed to him about the breach or the investigation by committee members.

“I can’t speak directly to the nature of the ongoing investigation of the types of threats that you’ve mentioned regarding the effort to compromise public judicial dockets,” Olsen said at one point. “This is of course a significant concern for us, given the nature of the information that is often held by the courts.”

He did acknowledge that his division was looking closely at other foreign governments — particularly China, Iran, North Korea, and Russia — and said, “The threat we face from cyber-enabled attacks — whether that’s to the government and public sector, including Congress, or to the private sector — is one of the most significant threats we face as a country to our national security.”

With regard to Nadler’s specific concerns about the potential impact on national security cases, Olsen said he was unaware of any that had been “materially impacted, prolonged or dismissed,” but added that the DOJ and National Security Council were continuing to audit their systems in order to determine if anything had been compromised and to guard against future breaches.

Olsen further explained, “When it comes to the sophisticated nation-state type activity that we see in cyber, the challenge is significant and it’s very difficult to ever be in a position to say that any system is 100 percent safe when it comes to sophisticated nation-states that seek to obtain persistent access to these systems.”

Changes to filing procedures already made

However, Olsen referenced action taken by the DOJ and judicial branch that was announced in the January 2021 notice, primarily that from that point forward, “highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system.”

“These sealed HSDs will not be uploaded to CM/ECF. This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public,” the notice added.

Latest News