Hackers Breach U.S. Federal Courts, Exposing Confidential Witness Identities
Hackers have breached the electronic case management system of the U.S. federal courts, gaining access to confidential information, including the identities of protected witnesses. The incident, which affected multiple district courts across several states, is being described as one of the most significant breaches in the history of the American judicial system. The potential exposure of informants involved in criminal proceedings has raised grave concerns.
The attack compromised the core infrastructure of the judiciary’s case management system: CM/ECF, which attorneys use to file documents, and PACER, the public interface that grants access to the same records. According to sources familiar with the matter, the vulnerability was detected around July 4, though the full scope of the intrusion is still being assessed. The investigation is ongoing and involves the Department of Justice, the Administrative Office of the U.S. Courts, and the courts themselves.
It remains unclear how the attackers infiltrated the system. Investigators suspect the involvement of cybercriminal groups or state-sponsored actors. One veteran official with over two decades in the federal judiciary called the breach “unprecedented in its threat level.” Another confirmed that in one district, roughly a dozen case files had been altered—raising the possibility of evidence tampering or information concealment.
The danger is particularly acute given the nature of the data stored within the system. Beyond personal records and internal correspondence, CM/ECF holds sealed indictments, search and arrest warrants, and details of suspects’ cooperation with law enforcement. Such information is of immense value to both hostile states and organized crime groups.
Last week, during the Eighth Circuit Judicial Conference in Kansas City, court representatives were briefed on the incident in a session attended by Robert Conrad, head of the Administrative Office of the Courts. Supreme Court Justice Brett Kavanaugh was also present, though the topic of the breach was not addressed publicly.
The FBI and Department of Justice have yet to issue formal statements, and both the Administrative Office and Judge Conrad declined to comment.
Security concerns surrounding CM/ECF are not new. In June, Michael Scudder, Chair of the Judicial Conference’s Information Technology Committee, told Congress that the platform is outdated, insecure, and in urgent need of replacement. He stressed that the system underpins the courts’ operational framework and faces significant threats daily.
This breach follows earlier incidents: in 2022, the Justice Department investigated a separate major cyberattack—beginning in 2020—that reportedly involved three foreign hacking groups. It is not yet known whether the two incidents are connected.
Although the most sensitive witness-protection data is housed on a separate Justice Department platform, the bulk of the compromised records could still pose a serious threat. Even a minimal leak could disrupt criminal proceedings, undermine investigations, and endanger the lives of those cooperating with law enforcement.
Modernizing the case management system has been designated a top priority, but as Scudder noted, replacing CM/ECF and PACER can only be done in phases. Until that process is complete, the federal courts remain vulnerable to cyberattacks whose consequences could prove irreversible.