Justice Department investigating data breach of federal court system

Assistant Attorney General for National Security Matthew Olsen testified to the committee that NSD is “working very closely with the judicial conference and judges around the country to address this issue,” and committed to updating the committee on the investigation as it progressed.

Wider impact: A committee aide said that Nadler’s questions came after the committee received a briefing on the attack, noting that “the sweeping impact it may have had on the operation of the Department of Justice is staggering.” The aid was granted anonymity in order to discuss a private briefing.

Looking for the details: Committee member Rep. Sheila Jackson Lee (D-Texas) pressed Olsen for more details on how many cases had been impacted by the breach.

“I would expect your preparation and for us to be able to get that information as quickly as possible in a setting that would be appropriate, but this is a dangerous set of circumstances that has now been publicly announced, and we need to know how many …were dismissed,” Jackson Lee said.

Nadler questioned Olsen on whether the breach had in any way affected cases pursued by the NSD, and Olsen testified he could not “think of anything in particular.”

Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, sent a letter Thursday to the Administrative Office of the US Courts expressing “serious concerns that the federal judiciary has hidden” the consequences of the data breach from Congress and the public.

“The federal judiciary has yet to publicly explain what happened and has refused multiple requests to provide unclassified briefings to Congress,” Wyden wrote in the letter.

Asked for further details on the breach, Wyden said that he “can’t get into that” for fear of “running afoul of the classification system.”

The response: The US Courts system put out a statement in January 2021 acknowledging that its Case Management/Electronic Case Files system, or CM/ECF, had been compromised as part of the massive breach. As a result, procedures for filing highly sensitive documents were changed so that they could only be handed in via paper documents, a secure electronic device or through a secure computer system.

David Sellers, a spokesperson for the Administrative Office of the US Courts, on Thursday pointed to the January 2021 statement in noting that “the Judiciary faces a significant threat to our electronic case management system.” Sellers said that US Courts had taken steps since then to protect its networks, including through working with the Department of Homeland Security to address vulnerabilities, and establishing the Judiciary IT Security Task Force to make recommendations for ways to strengthen security further.

“Cybersecurity is one of our highest priorities,” Sellers said. “We continue to work closely with our executive branch partners, take precautions to protect our systems, and engage in the modernization of the existing CM/ECF system.”

Luis Rossello, a Justice Department spokesperson, declined to comment on the case, and FBI spokesperson Manali Basu declined to comment in favor of DOJ.

— Josh Gerstein contributed to this report

Leave a Comment