U.S. chief district judges in multiple jurisdictions, including
the Southern District of New York and Eastern District of Virginia,
now require parties to serve opposing counsel with sealed documents
outside of the federal judiciary’s electronic filing system
following recent cyberattacks on the judiciary’s virtual
assets.
Federal trial courts are increasingly governed by standing orders
restricting online access to sealed documents, effectively
requiring high-stakes litigators to serve opposing parties with
sealed documents through consensual private arrangements or
nonelectronic means.
The new cybersecurity safeguards can make litigation matters more
costly, less efficient and even invite new risks of their own,
according to business litigators.
Unauthorized users launched a series of 2025 cyberattacks on the
federal Case Management/Electronic Case Files system. The
identities of the hackers have not been publicly identified, but a
New York Times story suggests the hacking
could possibly have been perpetrated by Russian state-linked
actors.
“Because sealed documents filed in CM/ECF will not be
accessible or viewable by litigants electronically, service of
those documents can no longer be accomplished through
CM/ECF,” U.S. Chief District Judge Mark S. Davis of the
Eastern District of Virginia wrote in a standing order filed in September.
“After filing sealed documents on CM/ECF, parties will have
to serve the sealed documents by other appropriate means as
provided by the Federal Rules of Procedure,” Davis added,
citing Federal Rule of Civil Procedure 5.
Sealed documents in civil litigation may include proprietary or
trade secret information of the parties, confidential personal
information, financial records or executive communications, among
other sensitive data, according to Monte Mann, a business
litigation partner at Armstrong Teasdale.
The requirement for parties to serve sealed documents under Rule 5
prioritizes security over convenience but introduces the risk of
gamesmanship between opposing counsel, Mann said in an
interview.
“When there are more rules and hurdles on the parties,
there can be disputes among the parties over those rules,” he
added. “Parties may serve each other with unredacted copies
of sealed documents under Rule 5, which may include electronically
by email if the parties consent to service that way.”
“The practical effect—it is going to make business
litigators’ life a little harder,” Mann said.
“It’s going to make us take extra steps.”
One risk with the new standing orders in jurisdictions like the Southern District of Illinois and elsewhere is
that parties could “weaponize [Rule 5] to their
advantage” by claiming opposing counsel delayed service of
sealed documents, Mann said. “In a perfect world, I hope it
doesn’t, [but] it may.”
David Gringer, an antitrust litigation partner at Wilmer Cutler
Pickering Hale and Dorr, said the federal judiciary has done a
“pretty good job” minimizing cybersecurity
breaches.
“There needs to be a recognition that courts are holding
sensitive information,” Gringer told law.com and the National
Law Journal. “Once something leaves where you are and goes
someplace else, there are risks. Those risks cannot be eliminated;
they can only be mitigated.”
Clients are “increasingly worried” about the risk of
cyberattacks, Gringer added. “It is a really scary world out
there, and there is no such thing as a guarantee of security for
sensitive or nonsensitive information, and there’s a lot of
bad actors out there.”
The federal judiciary in 2021 began restricting electronic access
to highly sensitive documents or HSDs following the December 2020
cyberattacks on SolarWinds, a tool for managing data
networks.
“In many ways, this is not really new,” Matthew Wright,
a managing partner at the McCarter & English D.C. office, said
of the new protocols surrounding sealed documents. “There
have always been constraints and restrictions around the handling
of sensitive materials.”
The “best practice” to prevent sealed documents from
landing in the wrong hands is to transfer physical documents to
parties “in person with someone who shows ID and proves they
are associated with counsel of record,” said cybersecurity
and data privacy expert Adam S. Hickey.
“Once you are relying on remote communication like email,
telephone or video chat there is a potential for mischief,”
added Hickey, a partner at Mayer Brown. “Even the best
practices won’t be foolproof.”
Reprinted with permission from the November 21 edition of The National Law Journal © 2025 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.