The US Court Records System Has Been Hacked

The US Court Records System Has Been Hacked

This week, the Las Vegas security conferences are in full swing, bringing with them a flood of news and updates on the latest threats to our digital safety. One of the most significant breaches highlighted at Black Hat and Defcon is the hacking of the US federal judiciary's electronic case filing system.

The breach, which was discovered around July 4, has raised serious concerns about the identities of confidential informants and the potential compromise of sealed court records across multiple US states. The CM/ECF or "case management/electronic case files" system used by courts to manage sensitive documents may have been impacted by the hack.

According to Politico, the breach could have exposed the identities of cooperating witnesses, raising questions about the safety and security of these individuals. However, the person responsible for the intrusion has not been identified or exposed.

The Administrative Office of the US Courts and the FBI declined to comment on the breach. In response to recent cyberattacks, the federal judiciary said it has been implementing new safeguards to address its ongoing exposure to "constant and sophisticated" cyber threats.

This incident highlights the longstanding warnings that the judiciary's systems are outdated and vulnerable. A top federal judge recently told Congress in June that CM/ECF and PACER face "unrelenting security threats" and need urgent replacement.

More Cybersecurity Threats Highlighted

In non-AI news, an end-to-end encryption algorithm recommended for radio communications used by police and military around the world can be easily cracked, according to new research. The researchers warn that weak implementations of the encryption algorithm could allow eavesdroppers to listen in—or even transmit their own messages.

Another researcher used a poisoned document that included a malicious prompt to trick ChatGPT into leaking a user's private information when it’s connected to a Google Drive. Additionally, misconfigured APIs in some streaming platforms used for company meetings and sports livestreams can allow someone to watch the streams without logging in.

A teen hacker discovered that an internet-connected smoke and vape detector in his high school’s bathroom contained microphones—and can be exploited for secret spying. A leaked trove of data has exposed how teams of suspected North Korean IT scam workers operate, from their meticulous record keeping to the after-work activities—and their near-constant surveillance by people running the schemes.

A pair of security researchers discovered a backdoor in an electronic lock used in at least eight brands of safes, and created a way to open the locks in seconds. They also found another vulnerability that allows them to figure out a safe’s unlock code. We also took a deep dive into the US military’s slot machine program, spoke with experts who say it’s inevitable that AI will become part of nuclear weapons systems, and revealed a string of break-ins of National Guard armories in Tennessee that experts say is part of a disturbing trend.

Other Cybersecurity News

A previously unreported cyberattack has breached the federal judiciary's electronic case filing system, potentially exposing the identities of confidential informants and compromising sealed court records across multiple US states.

The breach was discovered around July 4 and affects the CM/ECF—or “case management/electronic case files”—system used by courts to manage sensitive documents. Sources told Politico the hack may have impacted criminal dockets, arrest warrants, and sealed indictments, raising concerns that cooperating witnesses could be at risk.

The incident highlights the longstanding warnings that the judiciary's systems are outdated and vulnerable. A top federal judge told Congress in June that CM/ECF and PACER face “unrelenting security threats” and need urgent replacement.

Instagram’s New Map Feature Triggers Privacy Backlash

Instagram's latest feature—a searchable map showing user-posted content tagged to specific locations—has sparked a wave of privacy concerns, CNBC reports. Rolled out this week, the feature lets users explore photos and videos by browsing a visual map interface.

But users quickly raised alarms about the potential for stalking, harassment, and data misuse, especially for influencers and others posting real-time content from identifiable locations. “Instagram randomly updating their app to include a maps feature without actually alerting people is so incredibly dangerous to anyone who has a restraining order and actively making sure their abuser can’t stalk their location online,” one viral post warned.

Instagram said the feature only shows content from public accounts and reiterated that users can turn off location tagging. Still, the backlash echoes broader concerns about how tech platforms rapidly aggregate and expose personal data in ways that outpace users’ expectations and consent.

Hackers Breached Google’s Salesforce Database, Stole Customer Data

Hackers stole data from Google's customer support system in a breach linked to a compromised Salesforce account, TechCrunch reports. The intrusion, disclosed Wednesday, affected an undisclosed number of Google customers and involved unauthorized access to data such as contact details and “related notes for small and medium-sized businesses.”

The attackers reportedly targeted the data through Salesforce cloud systems. Google's Threat Intelligence Group pinned the attack on ShinyHunters, a hacking group known for targeting large companies' cloud-based databases, including Salesforce systems.

Columbia University Hack Exposed Data of 870,000 People

A cyberattack on Columbia University compromised the personal information of nearly 870,000 individuals, including students, applicants, and possibly staff, Bloomberg reports. The stolen data includes contact information, academic records, financial aid details, and some health and insurance information.

The breach, which dates back to mid-May, was only publicly acknowledged after Columbia filed reports with state attorneys general in California and Maine. A university official previously claimed the perpetrator was politically motivated.