US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.
Several courts, including the Court of International Trade, and individual lawyers have shared the same message from PACER, which is battling long call wait times from users struggling with the MFA rollout.
LA lawyer Rob Freund shared an email via X showing that users are being told to avoid enrolling in the platform’s MFA program until they are prompted to do so via email.
PACER also told users to steer clear of the helplines to ease the burden on staff.
“We ask that only users who receive a prompt to enroll in MFA when they log in should do so,” the email reads. “If you do not receive an MFA enrollment prompt, no action is necessary. Please do not contact the [PACER Service Center] with questions about MFA until you are required to enroll. This ensures support is available for those who need it.”
Another lawyer, based in South Carolina, reported the scale of the phone line congestion on Friday. While calling support to query a password-related issue, Mandy Powers Norrell said her expected wait time was 298 minutes at position 145 in the queue.
Across the platform, users are also experiencing issues with logging in, as the website struggles with long freezes lasting several minutes before logins are approved.
PACER lifted its enrollment deadline as a result of the issues at its support center, and will instead now enforce account protection in a phased manner.
The platform, which is run by the US government, announced in April that MFA would become mandatory for some accounts – those with the ability to file documents and all other case management accounts.
Users who signed up for the paid service just to access court documents are only “strongly encouraged” to enroll.
PACER sent notifications to in-scope accounts at the beginning of August, reminding users that the mandatory enrollment was coming into force and that they must add an MFA method by the end of the year.
According to a guidance sheet published in late August, each account required to enroll in the MFA program will have three opportunities to skip the process, after which their account will be disabled.
The program involves linking the PACER platform to the user’s preferred authentication app – they can add up to five – and authenticating logins with time-based one-time passcodes.
Users without the ability to download or use authenticator apps can save one-time backup codes to use for an added layer of protection. These will have to be refreshed once all have been used.
The Register asked the US government for additional details about the specific issues support staff are having to handle, and will update the story if it responds.
### A timely change
The introduction of mandatory MFA comes amid a reported cyberattack affecting the Administrative Office of the US Courts, which runs the PACER platform.
An alleged cyberattack on the case filing system was confirmed on August 5, exposing sensitive documents which revealed details about confidential informants.
The department acknowledged “recent escalated cyberattacks of a sophisticated and persistent nature on its case management system” in a furter statement a day later, but did not include any specifics.
Politico reported that the methods behind the intrusion were not clear, but it targeted the Case Management/Electronic Case Files (CM/ECF) and PACER systems.
Further reporting from the New York Times, citing insider sources, stated that Russia was at least in part responsible for the attack, and those behind it spent months rummaging through US court records.
The intruders reportedly exploited bugs dating back to 2020 as part of a multi-year campaign to break into the platform.
The Administrative Office of the US Courts insisted many of the documents accessible via PACER are not confidential, although some are sensitive and “can be targets of interest to a range of threat actors.”
It also committed to modernizing internal IT systems, and assured that it had been working continuously with the Justice Department and Homeland Security to mitigate any risks stemming from the attack. ®
**Get our** Tech Resources
US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.
Please do not contact the [PACER Service Center] with questions about MFA until you are required to enroll.
Users who signed up for the paid service just to access court documents are only “strongly encouraged” to enroll.
A timely changeThe introduction of mandatory MFA comes amid a reported cyberattack affecting the Administrative Office of the US Courts, which runs the PACER platform.
Politico reported that the methods behind the intrusion were not clear, but it targeted the Case Management/Electronic Case Files (CM/ECF) and PACER systems.
US courts have warned of delays as PACER, the system for accessing court documents, struggles to support users enrolling in its mandatory MFA program.
Several courts, including the Court of International Trade, and individual lawyers have shared the same message from PACER, which is battling long call wait times from users struggling with the MFA rollout.
LA lawyer Rob Freund shared an email via X showing that users are being told to avoid enrolling in the platform’s MFA program until they are prompted to do so via email.
PACER also told users to steer clear of the helplines to ease the burden on staff.
“We ask that only users who receive a prompt to enroll in MFA when they log in should do so,” the email reads. “If you do not receive an MFA enrollment prompt, no action is necessary. Please do not contact the [PACER Service Center] with questions about MFA until you are required to enroll. This ensures support is available for those who need it.”
Another lawyer, based in South Carolina, reported the scale of the phone line congestion on Friday. While calling support to query a password-related issue, Mandy Powers Norrell said her expected wait time was 298 minutes at position 145 in the queue.
Across the platform, users are also experiencing issues with logging in, as the website struggles with long freezes lasting several minutes before logins are approved.
PACER lifted its enrollment deadline as a result of the issues at its support center, and will instead now enforce account protection in a phased manner.
The platform, which is run by the US government, announced in April that MFA would become mandatory for some accounts – those with the ability to file documents and all other case management accounts.
Users who signed up for the paid service just to access court documents are only “strongly encouraged” to enroll.
PACER sent notifications to in-scope accounts at the beginning of August, reminding users that the mandatory enrollment was coming into force and that they must add an MFA method by the end of the year.
According to a guidance sheet published in late August, each account required to enroll in the MFA program will have three opportunities to skip the process, after which their account will be disabled.
The program involves linking the PACER platform to the user’s preferred authentication app – they can add up to five – and authenticating logins with time-based one-time passcodes.
Users without the ability to download or use authenticator apps can save one-time backup codes to use for an added layer of protection. These will have to be refreshed once all have been used.
The Register asked the US government for additional details about the specific issues support staff are having to handle, and will update the story if it responds.
A timely change
The introduction of mandatory MFA comes amid a reported cyberattack affecting the Administrative Office of the US Courts, which runs the PACER platform.
An alleged cyberattack on the case filing system was confirmed on August 5, exposing sensitive documents which revealed details about confidential informants.
The department acknowledged “recent escalated cyberattacks of a sophisticated and persistent nature on its case management system” in a furter statement a day later, but did not include any specifics.
Politico reported that the methods behind the intrusion were not clear, but it targeted the Case Management/Electronic Case Files (CM/ECF) and PACER systems.
Further reporting from the New York Times, citing insider sources, stated that Russia was at least in part responsible for the attack, and those behind it spent months rummaging through US court records.
The intruders reportedly exploited bugs dating back to 2020 as part of a multi-year campaign to break into the platform.
The Administrative Office of the US Courts insisted many of the documents accessible via PACER are not confidential, although some are sensitive and “can be targets of interest to a range of threat actors.”
It also committed to modernizing internal IT systems, and assured that it had been working continuously with the Justice Department and Homeland Security to mitigate any risks stemming from the attack. ®
Get our Tech Resources
