The US federal judiciary agency has fallen victim to what it is calling 'escalated cyber attacks' targeting its electronic case filing system.
The attack involved the breach of data from Case Management/Electronic Case Files, used by legal professionals to upload and manage case documents, and PACER, which gives the public limited access to the same data.
Information exposed includes sealed indictments detailing information about alleged crimes that is not available to the general public, along with arrests and search warrants.
"The vast majority of documents filed with the Judiciary’s electronic case management system are not confidential and indeed are readily available to the public, which is fundamental to an open and transparent judicial system," said the Administrative Office of the United States Courts.
"However, some filings contain confidential or proprietary information that are sealed from public view. These sensitive documents can be targets of interest to a range of threat actors.
The judiciary said it is working with Congress, as well as the Department of Justice, the Department of Homeland Security, and others, to mitigate the risks and impacts of these cyber attacks.
Who’s behind the federal judiciary attacks?
It's not yet clear how the hackers gained access, nor who was responsible for the attack, although it's suspected to be nation state-affiliated actors.
Nick Tausek, lead security automation architect at Swimlane, described the incident as a “serious breach with far-reaching implications” due to the nature of the data exposed.
"What’s especially concerning is how little is still known about the attack, including the method of entry, the actors behind it, and the full scope of the breach,” Tausek said.
“While investigations are still underway, the limited visibility may point to the involvement of a highly sophisticated threat actor, gaps in cybersecurity measures, or a combination of both."
The breach is just the latest in a series of attacks, which have led to calls for improvements in security.
In June, Court of Appeals judge Michael Scudder testified before a House Judiciary subcommittee, pledging to modernize the agency's IT systems and introduce more rigorous procedures to restrict access to sensitive documents.
He said that replacing Case Management/Electronic Case Files and PACER was a top priority, but that this would take time.
"It’s reassuring to see the chair of the Committee on Information Technology for federal courts call for modernization of the department’s cybersecurity defenses. The sooner these measures are implemented, the better," said Tausek.
"Additionally, proactive security measures should be incorporated into the federal courts systems’ defenses in order to mitigate future attacks that will inevitably be inspired by the success of this one.”
Campaign group Fix The Court said that the Federal Judiciary needs to speed up its modernization work if it's to avoid similar attacks in the future.
"You know what would fix this? The Open Courts Act, a bill that would beef up cybersecurity by using modern technology to maintain the court records system, replacing the awkward, patchwork architecture exists today," it said. "Without it, this is going to happen again."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
The future of networking: cloud native networkingIn-depth Cloud-native networking is reshaping connectivity with service meshes, APIs, and open standards – bringing agility but also new challenges for enterprises
-
Shadow AI can be a tool for AI innovation with the right controls, say Gartner analystsNews Data-driven messaging and a supportive approach to securing AI tools are necessary for security staff looking to balance AI risks and unlock better funding
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
BreachForums founder resentenced to three years in prisonNews A US appeals court vacated his previous sentence and remanded the case for resentencing
-
Jaguar Land Rover says IT disruption set to continueNews The automotive manufacturer is still not fully operational after the recent cyber attack
