A major cyber intrusion has compromised critical systems used by the US federal courts, disrupting operations in multiple districts and raising fears of potential exposure of sensitive case records. The breach, which was publicly confirmed by the Administrative Office of the US Courts (AO) on Aug. 7, affected the judiciary’s two primary digital platforms: the Case Management/Electronic Case Files (CM/ECF) system and PACER—two essential portals responsible for providing public access to court filings.
According to officials familiar with the matter, the attack was detected in early July and is now under investigation by the Department of Justice, the Department of Homeland Security, and other federal partners. While the AO did not describe the incident as a complete shutdown, several courts have taken portions of their filing systems offline as a precaution. Some sensitive filings are being handled outside of the electronic system entirely.
The AO called the incident a “serious compromise” of judicial infrastructure, one that prompted immediate steps to limit access and strengthen security protocols. The move follows years of warnings from the Government Accountability Office and judiciary officials that the courts’ digital systems (which were built decades ago) are increasingly vulnerable to sophisticated cyber threats.
Federal agencies have not yet confirmed who was responsible. A recent update, however, revealed that investigators are examining whether the breach is linked to Russian-affiliated hacking groups due to similarities with previous espionage campaigns. But officials stress that attribution remains preliminary, and it could take months before they know the full scope of the attack or whether any sealed or classified materials were taken.
What is clear, however, is that any leak of confidential case records could have far-reaching consequences. These might include exposure of sealed filings that could jeopardize active law enforcement operations, reveal the identities of confidential informants, or be used to intimidate witnesses.
In Washington, the incident has triggered calls for accountability and reform. Members of Congress, already briefed on the breach in late July, have requested classified follow-ups and are pressing for public hearings. Lawmakers from both parties say the episode underscores the judiciary’s chronic underinvestment in cybersecurity.
CISA, the Cybersecurity and Infrastructure Security Agency within DHS, is sharing threat information and technical guidance with the judiciary as the investigation unfolds. Forensic teams are combing through compromised networks to determine how the attackers gained access and whether they altered or removed records.
However, restoring secure, nationwide digital access will not be quick. Officials say the process will unfold in phases, beginning with hardening existing systems and expanding protections for high-risk cases.
For the judiciary, which has long operated with far less cybersecurity attention than executive branch agencies, the breach marks a sobering shift. The courts, once considered a lower-priority target for foreign adversaries, are now firmly in the crosshairs.
And for a democracy built on the rule of law, the warning is plain: safeguarding the integrity of judicial records is no less critical than protecting the ballot box.