Cyber Incident Victim: US Federal Court System
Date: Jan 2021
Location: United States of America
Summary
The Administrative Office of the U.S. Courts experienced a compromise of its electronic filing and case management system (CM/ECF), likely linked to the broader SolarWinds Orion product breach. The incident, which prompted collaboration with the Department of Homeland Security for a system audit, raised concerns about potential exposure of sensitive corporate and legal documents. The extent of data compromise remained unclear due to decentralized control over filings, as individual courts determined what information was stored within the system, leading to variability in potential impacts across jurisdictions.
Description
On January 6, 2021, the Administrative Office of the U.S. Courts publicly disclosed an “apparent compromise” of its electronic filing and case management system (CM/ECF), which handles federal court documents nationwide. The agency attributed the breach to a likely connection with the SolarWinds Orion supply chain attack that impacted multiple U.S. government entities and private organizations. The Administrative Office confirmed it was collaborating with the Department of Homeland Security to conduct a comprehensive audit of the compromised system. No specific technical details about the intrusion method or timeline of unauthorized access were provided in the disclosure. The CM/ECF system’s centralized infrastructure supports critical functions across all federal courts, though individual courts retain autonomy over document filing protocols.

The breach’s full scope remained undetermined at the time of reporting, with the Administrative Office acknowledging uncertainty regarding which documents or data might have been exposed. Impacts varied across jurisdictions due to decentralized control over filings, as individual courts independently determine what sensitive information—including corporate secrets, sealed records, or classified materials—gets uploaded to the system. No specific compromised cases, litigants, or document types were identified publicly. The Administrative Office declined to provide further details about potentially affected data categories or operational consequences beyond confirming the system audit. Response efforts focused exclusively on the joint forensic investigation with DHS, with no disclosed containment measures, restoration timelines, or notifications to affected parties at the time of initial reporting.
