Evidence Points to Russian Role in PACER Breach
Investigators now say Russia may be at least partly responsible for a recent hack of the federal judiciary’s document systems that may have exposed sealed case files. Courts are tightening filing rules, moving sensitive criminal matters off CM/ECF and away from PACER while agencies map exposure and harden controls.
Investigators Find Possible Russian Involvement in PACER Hack
Federal investigators have uncovered evidence suggesting Russia may be at least partially responsible for a recent breach of the judiciary’s case management systems, according to reporting from the New York Times. The hack — first described in detail by Politico — is believed to have made sensitive court records accessible and may have included searches of cases tied to people with Russian and Eastern European surnames.
Judicial administrators have reacted quickly. District and chief judges are restricting where certain criminal matters can be filed, moving them off CM/ECF and into separate systems that do not connect to PACER. Eastern District of New York Chief Judge Margo Brodie issued an order barring criminal case filings in CM/ECF until further notice.
This comes after earlier reforms following the 2021 SolarWinds compromise, which recommended paper or secure-device filing for the most sensitive materials. The Administrative Office of the U.S. Courts emphasized that while most filings should remain public, sealed or confidential documents are desirable targets for threat actors and need stricter, monitored handling.
Why it matters: leaked sealed records can damage investigations, expose witness identities, compromise national security cases, and undermine public trust in the justice system. The hack illustrates how adversaries can exploit systems designed for transparency and public access.
Think of the federal filings ecosystem as a courthouse with a public lobby and a locked backroom. PACER and CM/ECF are the lobby — open by design. The recent intrusion shows the backroom needs stronger locks, stricter visitor logs, and better alarm systems.
- Segregate sensitive case filings from public systems and enforce strict access controls.
- Conduct rapid forensic mapping to identify what data was accessed and which cases are affected.
- Harden monitoring and logging around document access and implement tighter vetting for bulk searches.
- Run scenario-driven tabletop exercises to test filing, disclosure, and incident response procedures.
Practical steps are urgent but nuanced. Courts must balance openness — a core democratic value — with protection of victims, witnesses, and national security. That means targeted controls, not blanket secrecy: preserve public access where appropriate, but lock down anything with overseas ties or criminal intelligence risk.
For law firms, federal agencies, and court administrators, this is a moment to reassess document lifecycles: who creates sensitive files, where they are stored, who can query them, and how access is audited. Attackers increasingly use low-effort searches to piece together high-impact insights.
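The audit and bulk-search concerns above can be checked mechanically. The script below is an added example, not code from the courts, PACER, or QuarkyByte: it runs over a constructed CSV access log (the column layout, role names, and the threshold of five distinct cases per account are assumptions, not real CM/ECF fields or policy) and flags sealed-document requests from roles not cleared for them and accounts that query many distinct cases.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample access log (not real PACER/CM/ECF data).
# One row per document request; sealed=1 marks a sealed filing.
SAMPLE_LOG = """ts,user,role,case_id,sealed,query
2025-08-01T09:00:00,u101,clerk,1:24-cr-00011,1,docket
2025-08-01T09:00:05,u101,clerk,1:24-cr-00011,1,download
2025-08-01T09:01:00,u202,public,1:23-cv-00877,0,search
2025-08-01T09:01:01,u202,public,1:23-cv-00901,0,search
2025-08-01T09:01:02,u202,public,1:23-cv-00912,0,search
2025-08-01T09:01:03,u202,public,1:23-cv-00930,0,search
2025-08-01T09:01:04,u202,public,1:23-cv-00944,0,search
2025-08-01T09:01:05,u202,public,1:23-cv-00944,0,search
2025-08-01T09:01:06,u202,public,1:23-cv-00950,0,search
2025-08-01T09:02:00,u303,public,1:24-cr-00015,1,docket
2025-08-01T09:03:00,u404,public,1:22-cv-00100,0,search
"""

# Assumed policy values: roles permitted to open sealed filings, and the
# number of distinct cases one account may search before review is triggered.
SEALED_ROLES = {"clerk", "judge"}
BULK_THRESHOLD = 5


def analyze(log_text, bulk_threshold=BULK_THRESHOLD):
    """Return sealed-access violations and accounts doing bulk case searches."""
    findings = {"sealed_violations": [], "bulk_search": []}
    cases_by_user = defaultdict(set)  # user -> distinct case ids searched
    for row in csv.DictReader(StringIO(log_text)):
        # Any request for a sealed filing by a non-cleared role is a finding.
        if row["sealed"] == "1" and row["role"] not in SEALED_ROLES:
            findings["sealed_violations"].append(
                (row["user"], row["case_id"], row["query"]))
        # Count distinct cases per account; repeats of one case do not count.
        if row["query"] == "search":
            cases_by_user[row["user"]].add(row["case_id"])
    for user in sorted(cases_by_user):
        if len(cases_by_user[user]) >= bulk_threshold:
            findings["bulk_search"].append((user, len(cases_by_user[user])))
    return findings


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        print(kind, items)
```

In the constructed log, u303 (a public account) opens a sealed docket and u202 searches six distinct cases, so both appear in the findings while the clerk's sealed access and the single search by u404 do not.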
QuarkyByte’s approach is analytical and pragmatic: we map flows, prioritize high-risk records, and align controls to the operational realities of courts and counsel. That means building solutions that protect sensitive information without grinding court operations to a halt.
The investigation is ongoing and the full scope remains unclear. What is already clear is that judicial systems must move from ad hoc fixes to durable, auditable protections for sealed documents — or risk repeated privacy and security failures.
QuarkyByte can help courts, law firms, and agencies rapidly map what was exposed, design secure filing workflows that separate public and sensitive records, and build targeted monitoring and response playbooks. Reach out for a focused risk assessment and prioritized remediation plan to reduce future exposure.