US DoJ probing 'incredibly significant' breach of federal records
The breach dates back to early 2020
The US Department of Justice is conducting an investigation into a cyber intrusion involving the federal court records management system.
The incident was a "significant concern," Matt Olsen, chief of the Justice Department's National Security Division (NSD), told the House Judiciary Committee. He said the NSD was working "very closely" with the Judicial Conference and judges around the nation to resolve the problem.
Committee chair Jerrold Nadler (D-NY) told fellow lawmakers that "three hostile foreign actors" had hacked the document filing system, resulting in a "system security failure."
The breach happened in the early part of 2020 and was unrelated to the SolarWinds hack.
According to Nadler, the Committee first became aware of the breach's "startling breadth and scope" in March this year.
In January 2021, the US courts system issued a statement saying it was looking into a potential breach of its Case Management/Electronic Case Files system (CM/ECF).
It noted that the US Courts' Administrative Office (AO) was working with the Department of Homeland Security on a security audit concerning vulnerabilities in the Judiciary's CM/ECF. These vulnerabilities 'greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings.'
As a consequence, the procedures for submitting sensitive papers to courts were altered so that they could only be submitted on paper, through a secure electronic device, or via a secure computer system.
Olsen did not comment on who was responsible for the data breach; however, he did mention that his division was typically focused on threats posed by cyberattacks coming from foreign countries such as Russia, China, Iran, and North Korea.
Nadler asked Olsen how many cases in his division were affected as a result of breach. Olsen said that he couldn't "think of anything in particular" in terms of specific cases that the incident affected.
According to Politico, Sen. Ron Wyden wrote to the AO with his concerns that the federal court had kept Congress and the general public in the dark about the ramifications of the data leak.
Because of the possibility of cyberattacks on an outdated electronic system, the federal judiciary has been working to update its electronic case management and filing system as well as the associated web portal, known as PACER, which is used to access records.
"We are vulnerable," US Circuit Judge Amy St. Eve said at a May hearing before a House committee on the judiciary's budget request.