Federal Judiciary's Electronic Case Filing System Compromised in August 2025 Cyberattack

The U.S. federal judiciary's electronic case filing systems, including CM/ECF and PACER, were compromised in a significant cyberattack during August 2025. This breach resulted in the exposure of sensitive court data across multiple states, triggering investigations by federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

The Administrative Office of the U.S. Courts (AO) has been engaged in a multi-year effort to modernize and secure its IT infrastructure, a process acknowledged in 2021 to be necessitated by years of underinvestment that had left systems vulnerable. This ongoing effort includes the expansion of multi-factor authentication (MFA) and the adoption of Zero Trust Architecture (ZTA) principles. Federal judges, including U.S. Circuit Judge Michael Scudder, chair of the Judicial Conference of the United States' Committee on Information Technology, have previously alerted Congress to the persistent and sophisticated cyber threats facing the judiciary, noting that systems like CM/ECF and PACER are outdated and require replacement. In fiscal year 2024, approximately 200 million harmful cyber events were prevented from penetrating court local area networks, underscoring the continuous challenges in protecting sensitive legal data and maintaining public trust.