First Circuit chief judge confirms personal data was breached in courthouse cyberattack

As the First Judicial Circuit continues to battle a "security event" that crippled some of its administrative systems, Chief Judge John Miller told the News Journal that the circuit's internal investigation has verified that personal information was breached in the cyberattack.

The First Circuit, which encompasses courthouses in Escambia, Santa Rosa, Okaloosa and Walton counties, first announced the attack Oct. 2, saying electronic court operations were impacted. Escambia's Clerk and Comptroller Pam Childers told the News Journal that the local administrative structure, which is tied to the Florida Supreme Court's Office of the State Courts Administrator (OSCA), was breached during the incident.

Miller said that the people whose information was exposed have been notified, but he could not say how many people had their information breached.

The communications team for global cybersecurity company Heimdal Security, which provides cloud-based cybersecurity solutions, reported that the ALPHV/BlackCat ransomware group claimed responsibility for the attack on its data leak page. The ransomware group claims to have access to Social Security numbers of employees and a detailed map of the court's systems.

Miller could not confirm or deny whether ALPHV/BlackCat caused the attack.

Aside from the breach of personal information, Miller told the News Journal that the IT teams and county clerks of court have substantially helped keep the courts active throughout the cyberattack.

"I am very pleased with our progress, and a lot of that is thanks to our outstanding IT team," Miller said. "Our clerks of court in these four counties have gone above and beyond what's required of them to help us have access to our court files and keep us operational."

What is a ransomware attack?

According to Elizabeth Rasnick, associate professor with UWF's Center for Cybersecurity, a ransomware attack is when a person gains access to a system's data and then encrypts it to lock out the owner of the system and data.

"In order for (the system owner) to get access back, they would have to pay a ransom," she told the News Journal. "There's some type of ransom note, usually an email, that says, 'Hey, we've locked down your data, and it's going to cost this much to get it back.'"

Outside of paying the ransom, Rasnick says system owners could restore their data if they have a backup stored. If they don't have a backup, then they must either go through the painstaking process of "piecemealing" the data together from outside sources or begin from scratch.

Miller could not confirm or deny to the News Journal whether the courts have a backup system in place.

What is the ALPHV/BlackCat ransomware group?

The ALPHV group is thought to be a rebranding of the DarkSide/BlackMatter ransomware group that rose to global prominence after its cyberattack on Colonial Pipeline in 2021, according to the FBI's Internet Crime Complaint Center (IC3).

In April 2022, IC3 reported that ALPHV/BlackCat was the first ransomware group to successfully compromise 60 entities worldwide using the programming language Rust.

The group typically leverages previously compromised user credentials to gain initial access to victim systems, according to IC3, and infects them with malware.

Once the malware is in place, it will configure "malicious Group Policy Objects" to deploy ransomware throughout the system, disabling security features.

How are the Northwest Florida court systems impacted?

According to the Florida Courts website, OSCA was created in 1972 to serve the state's chief justice and carry out the justice's responsibilities as chief administrative officer, including the 20 circuit courts throughout the state. Each circuit has a local administrative structure that is presided over by that circuit's chief judge.

Childers told Escambia County commissioners during a meeting that her office, which houses the court's documentation, was not impacted by the breach.

"With the breach that happened with the courts, it had nothing to do with the clerk and comptroller's office," she said. "Any comptroller data, payroll, what have you is not compromised."

Shortly after the attack was announced, Escambia judges and attorneys made reference to the "breach" or "hacking," and judges have mentioned they do not have access to certain electronic capabilities as a result.

Stenographers have also been brought in to record proceedings that are typically recorded by the courts' audio system, CourtSmart, which the breach has incapacitated.

Trial Court Administrator Kasey Watson says the attack will "significantly affect court operations."

This article originally appeared on Pensacola News Journal: ALPHV/BlackCat claim cyber attack on Escambia, Santa Rosa courts