Nine Democratic senators are pressing the Department of Justice (DoJ) and the U.S. Courts for a briefing and information about exactly what data was compromised by the SolarWinds hack in a letter to the departments.
The Jan. 20 letter follows up on an earlier disclosure from the Administrative Office of the U.S. Court (AO) that said “highly sensitive” documents were breached in the hack. Sens. Richard Blumenthal, D-Conn.; Dianne Feinstein, D-Ca.; Patrick Leahy, D-Vt.; Dick Durbin, D-Ill.; Sheldon Whitehouse, D-R.I.; Amy Klobuchar, D-Minn.; Chris Coons, D-Del.; Mazie Hirono, D-Hawaii; and Cory Booker, D-N.J., all signed the letter.
“Given the grave national security threat of this catastrophic compromise, we urgently request a briefing about the steps that DoJ and AO are taking to clean up the breach, account for the damage, mitigate the harm, and improve organizational security,” the letter reads.
Understanding it may take time to set up the briefing, the senators list inquiries they would like a response to by the end of the month. Those questions include:
- Which records and information at DoJ were potentially exposed and which departments were targeted?;
- What aspects of the AO’s Case Management/Electronic Case File (CM/ECF) were targeted and how many dockets were potentially exposed?;
- Who at AO and DoJ are responsible for incident response and forensics for the SolarWinds breach?;
- Have the departments “been provided sufficient information to respond to the breach” and do they have “sufficient monitoring and logging to determine the extent of the compromise?”;
- Have those exposed been notified?;
- What action has been taken to mitigate the harm of exposed information?; and
- What is the timeline of events for each agency’s response to the hack?
The letter is addressed to DoJ CIO Melinda Rogers, also the deputy assistant attorney general for DoJ, and Joseph Peters, associate director of the AO, and requests an answer to the proposed questions by Jan. 31.