
Federal investigators have uncovered evidence suggesting Russia played at least a partial role in a long-running cyber intrusion targeting the U.S. court system’s electronic records network, compromising sealed documents that include highly sensitive national security information, according to several people briefed on the matter.
The breach, which officials believe may have involved other foreign actors as well, appears to be part of a yearslong effort to infiltrate the system that manages federal court documents, including the Case Management/Electronic Case Files platform and the PACER public access database. Sources said the intrusion included searches of midlevel criminal cases in multiple jurisdictions, some involving defendants with Russian and Eastern European surnames.
The disclosure comes days before former President Donald Trump is set to meet Russian President Vladimir Putin in Alaska to discuss ending the war in Ukraine.
An internal Justice Department memo, reviewed by The New York Times, warned court officials that “persistent and sophisticated cyber threat actors have recently compromised sealed records,” urging immediate removal of the most sensitive files from the network. The guidance echoed emergency measures issued in 2021, when the judiciary first acknowledged a major breach without attributing blame.
Court administrators recently advised district chief judges to stop uploading certain sensitive cases to the regular system and, in some districts, to avoid discussing the matter with other judges. In the Eastern District of New York, Chief Judge Margo K. Brodie on Friday ordered that sealed documents no longer be uploaded to PACER but instead stored on a separate, secure drive.
Officials confirmed the breach impacted courts in at least eight districts, including South Dakota, Missouri, Iowa, Minnesota and Arkansas. Both the Justice Department and the Administrative Office of the U.S. Courts declined to comment on the investigation.
Federal security teams are now working to determine the full scope of the breach, assess potential damage, and patch vulnerabilities in the court network, which has long been viewed as a potential target for foreign intelligence services. In a notice issued last week, court administrators acknowledged implementing “more rigorous procedures to restrict access to sensitive documents under carefully controlled and monitored circumstances,” but did not name the attackers or specify what was stolen.
Concerns over the judiciary’s cybersecurity have been mounting for years. After the 2021 breach, officials in sensitive districts resorted to filing certain documents by hand and delivering them in person. Judges were barred from accessing court systems while abroad, and in some cases were issued burner phones and new email addresses. Last year, the judiciary began rolling out multifactor authentication for system access.
Past officials have said Russia was behind the earlier breach, though it remains unclear whether Moscow acted alone this time. In 2022, Representative Jerrold Nadler of New York claimed foreign hackers had been inside the court network since early 2020, citing three unnamed entities. Justice Department national security chief Matthew Olsen later testified that the department was working with the judiciary to address vulnerabilities, though he downplayed the impact on ongoing investigations.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd.