In response to what it described as a "sophisticated and persistent" cyberattack targeting the federal judiciary's electronic case management systems, the Administrative Office of the U.S. Courts has announced a series of heightened cybersecurity measures designed to protect sensitive court documents and strengthen infrastructure resilience. The measures come following a breach that has raised serious concerns about the security of systems critical to the judicial process, including CM/ECF (Case Management/Electronic Case Files) and PACER, the online portal used for public access to court records.
Heightened security measures for sensitive filings
In a statement issued August 7th, the U.S. Courts confirmed it is "taking additional steps to strengthen protections for sensitive case documents in response to recent escalated cyberattacks of a sophisticated and persistent nature on its case management system." The judiciary said it would "further enhance security of the system and block future attacks," while working closely with courts to mitigate any impact on litigants. One immediate change is the introduction of tighter access controls around sealed or highly sensitive filings, which will now be accessible only under "carefully controlled and monitored circumstances."
A breach with far-reaching implications
Multiple media outlets, including Politico, have reported that the breach was discovered around the July 4th holiday and may have exposed some of the most sensitive material in the federal court system. This includes sealed indictments and, reportedly, the identities of confidential informants in multiple federal districts. Lawmakers and court leaders were briefed on the incident in late July, and a classified follow-up is scheduled for September. The seriousness of the attack has drawn parallels to previous compromises of federal systems, though this incident is believed to involve far more sensitive legal data.
Legacy systems under scrutiny
The cyberattacks have again brought national attention to the judiciary's longstanding IT challenges. CM/ECF and PACER have been in service for decades and, according to court IT officials, are "outdated" and "unsustainable due to cyber risks." Calls for replacing these systems have grown louder in recent years, and the judiciary's IT modernization strategy—outlined in its FY2025 plan—emphasizes phasing out legacy applications, standardizing identity and access systems, and building a more secure digital backbone for case management and public access services.
Not the first time
This is not the first time the judiciary has faced a serious cyber incident. In 2020, foreign-affiliated actors breached parts of the court system, prompting the U.S. Department of Justice to investigate and leading to new protocols for processing highly sensitive documents. In 2021, the judiciary began handling such filings via air-gapped systems to reduce exposure. Since then, the courts have invested in layered defenses, including multifactor authentication, Zero Trust architecture, vulnerability scanning, and secure storage for sealed filings.
Why the courts are an attractive target
The recent breach underscores the growing threat to legal institutions, which hold vast amounts of confidential and high-value data. For cybercriminals and nation-state actors, access to sealed court records can yield intelligence on investigations, litigation strategies, and individuals cooperating with law enforcement. The attack also highlights the challenges of securing legacy infrastructure in a high-stakes production environment where availability is as critical as confidentiality.
For cybersecurity professionals, the federal judiciary's response offers a case study in crisis management for critical infrastructure. The combination of outdated systems, sensitive data, and the need for uninterrupted operations creates a complex security equation. Modernization will require not just technical upgrades but also sustained funding, close coordination with federal partners, and a shift toward more proactive threat detection and response.
The coming months will be critical as the judiciary implements its enhanced security measures and Congress considers additional funding for system replacements. Lawmakers, court officials, and federal cybersecurity agencies will be watching closely to determine whether the changes are sufficient to restore confidence in the integrity and security of the nation's court records.