Skip to main content

US federal courts were reportedly hit by another data breach

US federal courts were reportedly hit by another data breach


First SolarWinds, now this

Share this story

Digital photo illustration of a laptop displaying a black and green image of the Capitol building, with ones and zeroes falling in the background.
Lawmakers are blaming “three hostile foreign actors.”
Photo by Amelia Holowaty Krales / The Verge

The federal courts’ document system was hit by a breach with a “startling breadth and scope” in early 2020, according to a report from Politico that cites testimony from House Judiciary Committee Chair Jerrold Nadler. The Department of Justice (DOJ) reportedly informed the judiciary about the breach in March and told lawmakers that an investigation is ongoing. Other lawmakers, such as Senator Ron Wyden (D-OR), expressed concern that the DOJ had been hiding information about the breach and was refusing to explain it to the public and Congress.

Nadler reportedly said that the “system security failure” was the work of “three hostile foreign actors,” though, according to Reuters, security officials for the DOJ didn’t specify which countries could be involved.

The courts have since moved their most sensitive files to paper or offline USB drives

In early 2021, the federal judiciary system announced that it would be going low-tech for its most sensitive documents, saying that they'd have to be delivered by hand instead of going through the publicly available Case Management and Electronic Case Files system. At the time, it cited the SolarWinds attack, which gave hackers access to the systems of dozens of businesses and government agencies, as the reason for the policy change. Although the SolarWinds attack is also thought to have begun in early 2020, the breach disclosed by Nadler is reportedly a separate incident.

At the moment, details about what the attackers had access to or how they managed to get into the judiciary’s systems aren’t publicly available. It’s also unclear when the attack was discovered by DOJ officials. The National Security Division of the Justice Department didn't immediately respond to The Verge’s request for comment about the hack and subsequent investigation.