24-Year-Old Man Pleads Guilty in Supreme Court Data Breach
Nicholas Moore, a 24-year-old man, has entered a guilty plea for unlawfully accessing the electronic filing system of the Supreme Court of the United States, resulting in the theft of sensitive personal information. This plea comes amid court filings released this week, raising serious concerns about the integrity of federal cybersecurity measures.
Investigators have determined that Moore not only infiltrated the Supreme Court’s digital infrastructure but also compromised networks linked to AmeriCorps and the U.S. Department of Veterans Affairs. Following the breaches, he disseminated stolen data on Instagram. This data included sensitive personal and health-related information obtained through unauthorized access to government systems using stolen credentials.
Court documents reveal that Moore accessed the Supreme Court’s electronic filing system, leaking identifying information of a court user referred to as “GS.” The compromised data encompassed the victim’s name and both current and historical electronic filing records. This breach has heightened fears regarding the cybersecurity protocols that safeguard crucial judicial data and the integrity of the nation’s highest court.
Additionally, during his illicit activities, Moore gained access to AmeriCorps’ internal servers, where he published detailed personal information of another individual identified as “SM.” This data included full name, date of birth, contact details, citizenship status, military affiliation, service history, and even the last four digits of a Social Security number. Records indicate that Moore claimed to have secured server-level access, indicating a sophisticated understanding of computer networks.
In another significant incident, Moore exploited the Veterans Affairs’ MyHealtheVet portal belonging to a third victim, referred to as “HW.” Screenshots shared publicly unveiled sensitive details about prescription medications, revealing identifiable medical information that violates federal healthcare data protection regulations.
Moore reportedly used the Instagram account “@ihackthegovernment” to boast about his breaches and promote access to U.S. government networks. This type of public disclosure not only undermines individual privacy but also poses systemic risks to federal cybersecurity efforts.
As a consequence of these felonies, the U.S. Department of Justice has indicated that Moore could face up to one year in prison and a fine reaching $100,000, approximately equivalent to ₹83 lakh. The sentencing hearing will be scheduled to determine the final penalties.
The incidents have raised significant alarm among cybersecurity professionals, flagging potential vulnerabilities in U.S. government systems that manage legal, civic, and healthcare data. Authorities are conducting a thorough review of internal security measures and accelerating audits of affected systems to thwart similar breaches in the future. Current assessments are ongoing to establish the full extent of the damage and to identify any further compromised data.
In terms of attack methodologies, Moore’s actions illustrate several tactics aligned with the MITRE ATT&CK framework, including initial access through credential theft, privilege escalation via server-level access, and persistence illustrated by his ongoing access and public disclosure of stolen information. As the digital landscape evolves, businesses must remain vigilant against such threats and continually assess their cybersecurity measures.
The implications of this case reflect the necessity for robust digital security protocols that not only protect sensitive data but also maintain trust in governmental and civic institutions.
