Attack on US court records raises concerns about foreign meddling in cases

The Department of Justice is investigating a data breach of U.S. court records dating back to 2020, raising concerns that federal investigations could be compromised.

The breach, first referenced by the Administrative Office of the U.S. Courts in January, may be more serious than originally suggested, Rep. Jerrold Nadler (D-NY) said during a House Judiciary Committee hearing on July 28. Lawmakers later learned that the court records breach came from an “incredibly significant and sophisticated” cyberattack, he said.

Nadler asked Matthew Olsen, the DOJ’s assistant attorney general for national security, whether any federal court cases or investigations had been compromised because of the breach. Olsen said he didn’t immediately know of any cases affected but needed to check into the question further. The DOJ is investigating the breach, he added.

“While I can’t speak directly to the nature of the ongoing investigation of the type of threats that you’ve mentioned regarding the effort to compromise public judicial dockets, this is, of course, a significant concern for us given the nature of the information that’s often held by the courts,” Olsen told the committee.

Three nations appear to be responsible for the breach, Nadler said. Neither he nor Olsen named those nations.

On Jan. 6, the Administrative Office of the U.S. Courts announced it was taking new security measures to protect its court records system. Those security measures came in response to “the recent disclosure of widespread cybersecurity breaches of both private sector and government computer systems,” the office said.

While some cybersecurity experts suggested the attack could be used to change the outcome of court cases, others said it’s likely that foreign attackers were looking for personal or corporate information. In most cases, documents filed with U.S. courts are available to the public, noted Gerard Filitti, senior counsel at the Lawfare Project, a legal think tank and litigation fund.

“Our adversaries are likely looking for sensitive data contained in documents filed under seal, which are typically available only to the parties in an action and appropriate court officials,” he told the Washington Examiner. “Such documents contain sensitive personal or corporate information — including financial information and trade secrets.”

Sealed documents can contain a “veritable treasure trove of information,” he added. This information “can be used by foreign competitors to their advantage, or that can be used by foreign powers to target individuals and companies with influence operations.”

Court records can contain detailed information about individuals involved in cases, added Mary Ann Miller, vice president of client experience at Prove, a digital identity solutions provider.

“This information can be used for extortion of an individual or other serious crimes,” she told the Washington Examiner. “Depending on the breach, these records can contain audio tapes, videotapes, and transcripts of proceedings.”

A breach of court records could harm the judicial process, be used to commit identity theft, and, in cases in which victims are being safeguarded, “put a life at risk,” added Miller, a former fraud executive at PayPal, Lloyds Bank, and other financial services companies.

In some cases, the attackers may have an interest in cases before U.S. courts, added Matt Georgy, chief technology officer of cyber defense firm Redacted. It’s possible attackers were gathering intelligence on specific cases, he said.

“While this could be used to help enable phishing and other cyber operations, there is a direct benefit for having access to the federal judicial system for a nation-state like Russia or China especially,” he told the Washington Examiner. “They would be able to see what is going on with cases that directly affected them to help them prepare responses, as well as learn what office was running the case and which specific named agents were involved.”
