Publication

January 13, 2021 | Client Alert

Proactive Steps to Address the Issues Raised after Cyberattack on U.S. Federal Judiciary’s Electronic Filing System

On January 6, 2021, the U.S. federal courts announced that the federal judiciary’s electronic filing and case management system suffered an “apparent compromise” during a cyberattack. Although the scope of the breach is not yet known, it could have significant consequences for businesses or entities that filed sensitive information in federal court. When documents that contain confidential or proprietary information, including a company’s most guarded secrets, need to be included in court filings, the sensitive documents are filed under seal and are unavailable to the public.

It is unknown whether sealed documents were compromised. However, the breach is thought to be widespread enough that all future documents containing “highly sensitive material” will need to be submitted to the courts on paper or on encrypted electronic devices for the time being, instead of using the electronic filing system.

Many courts try to limit the information filed under seal due to the policy of court proceedings being a public forum. Indeed, many courts’ local rules encourage describing sensitive information in general terms to the extent possible to avoid the need to file documents under seal. When drafting papers to be filed with the court, there may be more emphasis on drafting pleadings with this in mind. In the instances where confidential material needs to be included in a court filing, plans must now be in place to accommodate the extra time it would take to file a paper copy or send an encrypted electronic device to the court.

Although the courts are still assessing the breach, certain temporary practices may be considered, either by asking for an agreement between the parties or by requesting that a court include such temporary practices as part of a court order. For example, the parties could agree to extra time in the event documents that would typically be filed under seal need to be sent through a physical medium. Courts could also issue a standing order, and they likely will, once they determine the specific impact of the breach on each particular court.

Indeed, one court (the United States Federal Court for the Northern District of Illinois) has issued a standing order defining what constitutes “highly sensitive material” that needs to be filed in a physical medium. This court’s order notes that there is a strong presumption in favor of public access to the court process, and the order mainly considers certain documents in criminal matters as “highly sensitive material.” However, this is not to say that other courts may not determine that other documents, such as those containing commercial trade secrets and confidential financial information, will need to be filed in a physical medium.

The legal industry is anxiously waiting for clarity from the courts on the particular data that may have been accessed. We will continue to monitor this situation and follow up with any clients that we become aware may have been affected by the breach.

The cyberattack on the federal courts’ electronic filing system was carried out by attackers that compromised the SolarWinds Orion platform, an infrastructure monitoring and management platform used for IT administration for on-premises, hybrid, and software-as-a-service (SaaS) environments. The attackers used the SolarWinds Orion platform to distribute malicious software updates to SolarWinds’ customers and then carried out cyberattacks against several targets, including several federal agencies and private companies.

Given the nature of these cyberattacks and the targets, businesses should be taking steps to proactively address the issues raised by this cyberattack. Those include, among others:

  • Identifying any court filings made under seal with any federal or state courts and developing a strategy in the event those filings were compromised. While this breach occurred with the federal courts’ electronic filing and case management system, many states also require documents to be filed with their own electronic filing systems. As governmental agencies appear to be a prime target of this attack, coupled with the fact that the full extent of this cyberattack is still unknown, state courts are also potential targets of this and other cyberattacks. The strategy should include a public relations plan to address disclosure of sensitive information that could affect your reputation and efforts to protect any trade secrets or other confidential information contained within the filings.
  • If you are a SolarWinds customer, determining whether you were affected by, or could be a potential victim of, this cyberattack. SolarWinds estimates that approximately 18,000 customers downloaded the malicious software updates, making them potential targets.
  • Scanning your networks to detect vulnerabilities and identify any unauthorized activity. Beyond the fact that the full scope of this cyberattack is unknown, there is a possibility that other cyberattacks have been carried out while the focus has been on this cyberattack.
  • Ensuring that your information security measures are up to date with the current threat landscape, including taking steps to secure privileged access and to help mitigate the progression of this cyberattack. Additionally, you should actively monitor for updates from your software, technology and cybersecurity providers. However, before implementing any updates, ensure that any communications about updates are legitimate. Phishing attacks often rely on chaos, and these cyberattacks are creating a significant amount of chaos.
  • Obtaining information from any of your technology service providers affected by this cyberattack to determine your potential exposure, the measures they are taking to protect you and your assets, and any mitigation steps they advise their clients to take.

Additionally, businesses affected by these cybersecurity attacks should remain mindful of their obligations under laws relating to data protection and reporting data breaches. If you have any questions about the potential impact of these cyberattacks, please contact a member of our Privacy & Cybersecurity team.
