Cybersecurity

Democrats seek answers on impact of Russian cyberattack on Justice Department, Courts

A group of Senate Democrats led by Sen. Richard Blumenthal (Conn.) this week sought to get answers on the impact of the recently discovered breach of IT group SolarWinds on the Department of Justice (DOJ) and the U.S. Courts (AO), both of which were compromised. 

“We are alarmed at the potential large-scale breach of sensitive and confident records and communications held by the DOJ and the AO, and write to request information about the impact and the steps being taken to mitigate the threat of this intrusion,” the senators wrote in a letter sent to senior DOJ and AO leaders on Wednesday, but provided to The Hill on Friday. 

The senators’ concerns come weeks after both the Justice Department and the U.S. Courts reported that they had been among the federal agencies compromised by the Russian attack on SolarWinds, which was uncovered in December but had been ongoing for more than a year.

In a statement earlier this montha DOJ spokesperson said around 3 percent of the agency’s employee email accounts had been “potentially accessed” as part of the breach, but that there was “no indication that any classified systems were accessed.” DOJ has more than 100,000 employees. 

The federal judiciary confirmed it was breached the same week as DOJ, noting in a statement that the AO’s Case Management/Electronic Files system had suffered an “apparent compromise,” with new procedures immediately put in place to file sensitive court documents. 

“Given the grave national security threat of this catastrophic compromise, we urgently request a briefing about the steps that DOJ and AO are taking to clean up the breach, account for the damage, mitigate the harm, and improve organizational cybersecurity,” the senators wrote, giving the agencies until Jan. 31 to respond. 

Both the Justice Department and the AO did not respond to The Hill’s request for comment on the letter. 

Incoming Senate Judiciary Committee Chairman Dick Durbin (Ill.) and outgoing committee ranking member Dianne Feinstein (Calif.) were among the nine Democratic senators to sign on to the letter, alongside Sens. Patrick Leahy (Vt.), Amy Klobuchar (Minn.), Sheldon Whitehouse (R.I.), Mazie Hirono (Hawaii), Chris Coons (Del.), and Cory Booker (N.J.).  

DOJ and AO are far from the only agencies to be affected by the SolarWinds breach, with the company counting the majority of federal agencies and U.S. Fortune 500 companies as customers. Agencies including the Commerce, Defense, Energy, Homeland Security and Treasury departments are also among those compromised. 

U.S. intelligence agencies said earlier this month that Russian hackers were “likely” behind the incident, which has quickly become one of the largest cybersecurity breaches in the nation’s history. 

The incident has garnered widespread bipartisan concern on Capitol Hill, with the House Homeland Security and Oversight and Reform committees announcing a joint investigation into the incident last month. The incoming leaders of the Senate Homeland Security and Governmental Affairs Committee have vowed to produce “bipartisan comprehensive legislation” to ensure this type of attack never occurs again. 

President Biden has addressed the breach multiple times, describing it in December as a “grave threat to national security.” White House Press Secretary Jen Psaki confirmed Thursday that Biden has requested that the intelligence community produce an assessment of the incident.