WASHINGTON (BLOOMBERG) - Three hostile foreign actors breached the federal courts document management system via "an incredibly significant and sophisticated" cyberattack more than 18 months ago, the chairman of the US House Judiciary Committee said on Thursday (July 28).
Representative Jerrold Nadler, the New York Democrat, said that his committee learnt in March of "the startling breadth and scope of the courts' documents management system security failure".
He added that the hack had a "disturbing impact" on both pending civil and criminal litigation and national security.
In January 2021, the Administrative Office of the US Courts said it was investigating "an apparent compromise" in its electronic case filing system, which enables attorneys to file case documents such as pleadings, motions and petitions with courts online.
The office said the breach occurred as a result of vulnerabilities in its electronic case filing system that risked compromising sensitive sealed filings.
Sealed filings are not publicly available and can be kept from view due to a range of concerns spanning confidential personal and business information or national security secrets.
Mr Matthew Olsen, assistant attorney-general for the National Security Division at the Department of Justice, cited hacking threats from China, Russia, Iran and North Korea in response to Mr Nadler's concerns during a Thursday committee hearing, saying that the challenge when it comes to nation-state cyber activity is "significant".
He referred to an ongoing investigation into the matter but gave no details.
Mr Nadler did not name the three hostile foreign actors or say how he learnt of their alleged role.
Senator Ron Wyden, a Democrat from Oregon, said the federal judiciary has yet to publicly explain what happened and has refused multiple requests to provide unclassified briefings to Congress.
On Thursday, he accused the federal judiciary of concealing what happened and demanded more information.
"I write to express serious concerns that the federal judiciary has hidden from the American public and many members of Congress the serious national security consequences of the courts' failure to protect sensitive data to which they have been entrusted," Mr Wyden said in a letter to the Director of the Administrative Office of the US Courts.
Mr Wyden said the judiciary's decentralised court system is flawed and has opposed congressional efforts to modernise, creating unmanageable security risks. He urged the federal judiciary to adopt a set of mandatory cybersecurity standards and audits that all federal courts would be required to follow.
Mr Nadler said the breach was not related to a cyber-espionage campaign that was revealed in December 2020 and affected nine federal agencies - including the Department of Justice - and about 100 businesses.
US officials blamed that attack, which partially relied on installing malicious code in updates for software made by SolarWinds, on Russian state-sponsored hackers.
In January 2021, an Administrative Office spokesman told Bloomberg Law that they believed the apparent compromise was tied to the broader SolarWinds-related hacks.
The office did not respond to requests for comment on Thursday about whether the breach referenced on Thursday is separate from the one disclosed last year or if the breach disclosed last year was unrelated to SolarWinds.