October 2, 2025

Federal Court System Hack Exposed Sealed Documents

The 2025 breach of CM/ECF—the federal court electronic filing system—compromised sealed indictments, confidential informant identities, and national security filings. Courts are reverting to paper. Here's what happened.

  • 12+ district courts affected
  • 200M cyber events blocked in FY2024
  • 204 separate court websites at risk

In August 2025, the Administrative Office of the U.S. Courts confirmed what cybersecurity experts had feared: the federal judiciary's Case Management/Electronic Case Files (CM/ECF) system—the same infrastructure that powers PACER—had been breached.

This wasn't a minor incident. The attackers accessed sealed indictments, arrest warrants, search warrants, confidential informant identities, witness statements, cooperation agreements, and national security-related court filings across multiple federal districts.

What Was Compromised

The breach potentially exposed the most sensitive documents in the federal court system:

  • Sealed indictments—criminal charges not yet made public
  • Confidential informant identities—people whose safety depends on secrecy
  • Witness statements—testimony that could endanger witnesses
  • Cooperation agreements—evidence of who is working with prosecutors
  • National security filings—classified material in terrorism and espionage cases

The Real Danger: Confidential informants in criminal cases rely on the court system to protect their identities. Exposure can mean death. The same is true for witnesses in organized crime and gang cases.

How It Happened

The federal court system's architecture made it vulnerable:

Decentralized Security

The judiciary operates 204 separate court websites, each managed by personnel with varying security expertise. There's no unified security team—each district handles its own.

Legacy Infrastructure

CM/ECF predates modern web security frameworks. Judge Michael Scudder testified to Congress in June 2025 that federal courts blocked approximately 200 million harmful cyber "events" in fiscal year 2024—a number that shows both the scale of attacks and the strain on aging systems.

Insufficient Segmentation

PACER (the public access system) and CM/ECF (the internal filing system) share infrastructure. This means an attack on the public-facing system can potentially reach sealed documents.

Delayed MFA Implementation

Multi-factor authentication wasn't mandated until August 25, 2025—but the breach occurred before full implementation.

The Response: Back to Paper

In the immediate aftermath, courts took an extraordinary step: they went analog.

More than a dozen federal district courts announced they would no longer allow electronic filing of sealed documents. Instead, attorneys must physically bring sensitive materials to the clerk's office.

The Western District of Oklahoma's order was typical: "To better ensure the security of information in sealed filings, effective August 11, 2025, sealed documents must be filed conventionally over the counter at the Court Clerk's Office."

This is a remarkable admission. The federal judiciary—which spent decades building electronic filing infrastructure—has concluded that for the most sensitive documents, digital systems can't be trusted.

This Wasn't the First Attack

The 2025 breach follows a pattern:

  • 2020-2021: An earlier breach, revealed by Rep. Jerry Nadler in July 2022, involved "three hostile foreign actors" and provided prolonged unauthorized access to sealed documents
  • 2024: A cyber intrusion targeting attorneys in a civil case involving Rep. Matt Gaetz led to leaked sealed depositions
  • Ongoing: State courts across the country have reported successful ransomware attacks, with some systems offline for months

The judiciary has known about these vulnerabilities for years. Congressional testimony has repeatedly warned that CM/ECF is "more than a little creaky." Yet modernization has been slow.

What This Means for Legal Professionals

The breach has immediate implications for anyone filing sensitive documents:

Check Your Court's Current Procedures

Filing requirements are changing rapidly. What was standard procedure in July may be prohibited now. Before filing anything under seal, check your district's current standing orders.

Consider Highly Sensitive Document (HSD) Procedures

Even courts that haven't mandated paper filing may allow you to request HSD treatment for sensitive materials. This provides additional security controls.

Minimize What You Include

Federal Rule of Civil Procedure 5.2 requires redaction of specific personal identifiers—but that's a floor, not a ceiling. Consider whether each piece of sensitive information is truly necessary for the filing.

Redact Before You File

Whether filing electronically or on paper, redaction is your responsibility. The Clerk's Office does not review documents for compliance. If sensitive information gets through, the fault lies with the filing party.
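
A pre-filing check in the spirit of the redaction advice above, as an added example that is not from the original article or from any court tool. It assumes the identifier list in Rule 5.2(a) (only the last four digits of Social Security, taxpayer-ID and financial-account numbers, and only the year of birth, may appear); the patterns, function names and sample text are constructed for illustration.

```python
import re

# Assumption: Rule 5.2(a) permits only the last four digits of an SSN/TIN or
# account number and only the year of birth. Names of minors cannot be found
# by pattern and still need human review. Dates need a four-digit year here.
PATTERNS = {
    "ssn_or_tin": re.compile(r"\b\d{3}-\d{2}-\d{4}\b|\b\d{2}-\d{7}\b"),
    "birth_date": re.compile(
        r"(?i)\b(?:born|d\.?o\.?b\.?|date of birth)\b[^\n]{0,20}?"
        r"(\d{1,2}[/-]\d{1,2}[/-]\d{4}|[A-Z][a-z]+ \d{1,2}, \d{4})"
    ),
    "account_number": re.compile(
        r"(?i)\b(?:account|acct)\b[^\n]{0,20}?(\d[\d -]{3,}\d)"
    ),
}

# Constructed sample text; none of these values belong to a real person.
SAMPLE = """\
Defendant John Doe, SSN 123-45-6789, born 03/14/1988.
Witness A.B., SSN XXX-XX-4321, born in 1975.
Funds were wired to account 0012345678 at First Bank.
Restitution is payable from the account ending in 9921.
"""

def keep_last_four(value):
    """Mask every digit except the last four, so the report holds no full identifier."""
    total = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            seen += 1
            c = c if seen > total - 4 else "X"
        out.append(c)
    return "".join(out)

def scan(text):
    """Return (line_number, kind, masked_value) for each unredacted identifier."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(m.lastindex or 0)
                # Four digits or fewer is already the permitted short form.
                if sum(c.isdigit() for c in value) > 4:
                    findings.append((n, kind, keep_last_four(value)))
    return findings

if __name__ == "__main__":
    for line_no, kind, masked in scan(SAMPLE):
        print(f"line {line_no}: {kind} -> {masked}")
```

Run it over the text extracted from the final file rather than the draft, so that content hidden under a drawn box or left in a text layer is still caught.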

The Bigger Picture: Document Security in Crisis

The federal court breach is part of a broader pattern. 2025 has seen:

  • The Epstein files release with inconsistent redactions
  • Meta's FTC trial redaction failure exposing competitor data
  • Multiple state court systems hit by ransomware
  • Ongoing attacks on law firm document management systems

The assumption that documents filed electronically are secure has been shattered. Organizations handling sensitive materials need to rethink their approach.

Lessons for Any Organization

The federal court breach offers lessons beyond the legal profession:

  1. Segmentation matters. Public-facing systems and sensitive data stores should not share infrastructure.
  2. Legacy systems are targets. The older the system, the more likely it contains unpatched vulnerabilities.
  3. Decentralized security fails. When 204 different teams manage security, the weakest link compromises everyone.
  4. Defense in depth is essential. When system security fails, document-level protections become critical. Proper redaction is the last line of defense.

The federal judiciary learned this the hard way. You don't have to.
