'More Rules and Hurdles': US Chief Judges Adopt Cybersecurity Sealed Document Safeguards

U.S. chief district judges in multiple jurisdictions, including the Southern District of New York and Eastern District of Virginia, now require parties to serve opposing counsel with sealed documents outside of the federal judiciary’s electronic filing system following recent cyberattacks on the judiciary’s virtual assets.

Federal trial courts are increasingly governed by standing orders restricting online access to sealed documents, effectively requiring high-stakes litigators to serve opposing parties with sealed documents through consensual private arrangements or nonelectronic means.

The new cybersecurity safeguards can make litigation matters more costly, less efficient and even invite new risks of their own, according to business litigators.

Unauthorized users launched a series of 2025 cyberattacks on the federal Case Management/Electronic Case Files system. The identities of the hackers have not been publicly identified, but a New York Times story suggests the hacking could possibly have been perpetrated by Russian state-linked actors.

“Because sealed documents filed in CM/ECF will not be accessible or viewable by litigants electronically, service of those documents can no longer be accomplished through CM/ECF,” U.S. Chief District Judge Mark S. Davis of the Eastern District of Virginia wrote in a standing order filed in September.

“After filing sealed documents on CM/ECF, parties will have to serve the sealed documents by other appropriate means as provided by the Federal Rules of Procedure,” Davis added, citing Federal Rule of Civil Procedure 5.

Sealed documents in civil litigation may include proprietary or trade secret information of the parties, confidential personal information, financial records or executive communications, among other sensitive data, according to Monte Mann, a business litigation partner at Armstrong Teasdale.

The requirement for parties to serve sealed documents under Rule 5 prioritizes security over convenience but introduces the risk of gamesmanship between opposing counsel, Mann said in an interview.

“When there are more rules and hurdles on the parties, there can be disputes among the parties over those rules,” he added. “Parties may serve each other with unredacted copies of sealed documents under Rule 5, which may include electronically by email if the parties consent to service that way.”

“The practical effect—it is going to make business litigators’ life a little harder,” Mann said. “It’s going to make us take extra steps.”

One risk with the new standing orders in jurisdictions like the Southern District of Illinois and elsewhere is that parties could “weaponize [Rule 5] to their advantage” by claiming opposing counsel delayed service of sealed documents, Mann said. “In a perfect world, I hope it doesn’t, [but] it may.”

David Gringer, an antitrust litigation partner at Wilmer Cutler Pickering Hale and Dorr, said the federal judiciary has done a “pretty good job” minimizing cybersecurity breaches.

“There needs to be a recognition that courts are holding sensitive information,” Gringer told law.com and the National Law Journal. “Once something leaves where you are and goes someplace else, there are risks. Those risks cannot be eliminated; they can only be mitigated.”

Clients are “increasingly worried” about the risk of cyberattacks, Gringer added. “It is a really scary world out there, and there is no such thing as a guarantee of security for sensitive or nonsensitive information, and there’s a lot of bad actors out there.”

The federal judiciary in 2021 began restricting electronic access to highly sensitive documents or HSDs following the December 2020 cyberattacks on SolarWinds, a tool for managing data networks.

“In many ways, this is not really new,” Matthew Wright, a managing partner at the McCarter & English D.C. office, said of the new protocols surrounding sealed documents. “There have always been constraints and restrictions around the handling of sensitive materials.”

The “best practice” to prevent sealed documents from landing in the wrong hands is to transfer physical documents to parties “in person with someone who shows ID and proves they are associated with counsel of record,” said cybersecurity and data privacy expert Adam S. Hickey.

“Once you are relying on remote communication like email, telephone or video chat there is a potential for mischief,” added Hickey, a partner at Mayer Brown. “Even the best practices won’t be foolproof.”

Reprinted with permission from the November 21 edition of The National Law Journal © 2025 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.