TL;DR
- Breach: Nicholas Moore hacked into the Supreme Court’s electronic filing system 25 times over two months without detection.
- Exposure: He posted stolen data from three victims on Instagram, including medical records, Social Security digits, and court filing records.
- Penalty: Despite breaching multiple federal agencies, Moore faces only a misdemeanor charge with maximum one-year prison sentence and $100,000 fine.
The last four digits of a Social Security number. A veteran’s medication list. Electronic filing records from inside the Supreme Court. All of it posted publicly on Instagram by a 24-year-old from Springfield, Tennessee, who spent two months roaming undetected through federal government systems.
Nicholas Moore’s brazen intrusion into the nation’s highest court along with AmeriCorps and Veterans Affairs databases exposed the personal data of three victims before prosecutors filed charges under the Computer Fraud and Abuse Act. The hacker posted personal data of several of his hacking victims on his Instagram account.
Undetected Access for Two Months
Between August and October 2023, Nicholas Moore of Springfield intentionally accessed a computer without authorization on 25 different days and thereby obtained information from a protected computer when he hacked into the Supreme Court’s electronic document filing system without triggering security alerts, as confirmed by the DOJ.
Moore gained entry using stolen credentials from authorized users across three federal agencies. This credential-based approach should have been detectable through anomalous login patterns, geographic inconsistencies, or unusual access times.
Promo
Yet Moore accessed the system 25 times over a two-month span without detection. Such prolonged unauthorized access reveals a fundamental breakdown in real-time security monitoring across the Supreme Court, AmeriCorps, and the Department of Veterans Affairs simultaneously.
Moore was scheduled to plead guilty in court by video link on Friday.
Three Victims, Escalating Damage
While Moore moved through government systems undetected, court documents detail the specific data he stole and published for each victim, revealing an escalating pattern of privacy violations.
For the Supreme Court victim identified as GS, Moore posted their name and “current and past electronic filing records.” While serious, this exposure pales in comparison to what followed.
Moore subjected the AmeriCorps victim, identified as SM, to far more extensive exposure. Court documents state Moore published the victim’s “name, date of birth, email address, home address, phone number, citizenship status, veteran status, service history, and the last four digits of his social security number.”
Moore transformed what began as unauthorized access into a comprehensive identity theft scenario by publicly posting this complete profile of personal identifiers.
This progression from institutional records to complete identity profiles demonstrates how government data breaches compound across agencies. Each piece of exposed information amplifies the harm: filing records reveal legal involvement, the nine-point AmeriCorps profile enables identity theft, and prescription data creates blackmail opportunities while violating health privacy laws.
When Moore posted these datasets to a public Instagram account rather than selling them on dark web forums, he prioritized spectacle over profit, maximizing embarrassment to federal agencies while creating permanent digital records that victims cannot erase.
Moore’s third victim, a Department of Veterans Affairs user identified as HW, experienced a particularly severe breach when Moore violated their medical privacy.
According to the court documents, Moore posted the victim’s identifiable health information “when he sent an associate a screenshot from HW’s MyHealtheVet account that identified HW and showed the medications he had been prescribed.” Publishing prescription medication information represents a serious violation of health privacy protections.
Each victim faced a different level of exposure, but all three saw their government-held personal information weaponized for public display on social media.
Misdemeanor Charge Despite Multi-Agency Breach
Despite accessing three separate federal systems and exposing sensitive personal information including health records, Moore faces a misdemeanor charge: a maximum sentence of one year in prison and a maximum fine of $100,000. This relatively light charge stems from the act’s classification of the offense as a misdemeanor rather than a felony.
Such classification highlights a structural mismatch between cybercrime severity and available legal remedies. Moore’s prosecution under this statute reflects the legal framework available for unauthorized computer access, even when the target includes the nation’s highest court and involves multiple federal agencies.
Access to Sealed Documents
Beyond the charges he faces, Moore’s intrusion raises questions about what information he viewed but did not publish. Above the Law noted that while Moore only gained access to the electronic filing system rather than emails or document management systems, “insider access to the filing system would afford access to any sealed documents.”
The court documents confirm Moore accessed the system on 25 separate occasions, creating 25 opportunities to view confidential case information beyond the three victims whose data he posted publicly.
Pattern of Federal Judiciary Breaches
Moore’s undetected intrusion represents the latest in a series of attacks targeting federal court systems. Russian government hackers breached the broader PACER federal court filing system in August 2025, compromising sensitive case records across the federal judiciary.
This chronology reveals a troubling reality: Moore’s 2023 breach occurred two years before the Russian attack prompted security upgrades. In August 2025, the Administrative Office of the United States Courts announced it had strengthened protections for sensitive case documents “in response to recent escalated cyberattacks of a sophisticated and persistent nature on its case management system.”
Yet Moore’s 2023 breach, only coming to light now, serves as a reminder of how vulnerable these systems were when he accessed them.
However, federal judicial systems have been plagued by hacks of electronic filing systems in recent years. Moore’s case highlights that federal judiciary cybersecurity in 2023 lagged far behind the threats targeting government systems.
Discovery and Limited Transparency
Court Watch’s Seamus Hughes, a researcher and journalist who monitors court documents, first spotted the case. Without Hughes’ diligent tracking of court documents, the intrusion might have remained obscure despite its significance.
When contacted about the breach, prosecutors told reporters they cannot provide any more information that hasn’t already been made public.
Details on what information Moore accessed beyond the three victims’ data were not released, leaving questions about the full scope of the intrusion unanswered. Such lack of transparency about what Moore viewed during his 25 unauthorized sessions creates uncertainty about whether additional sensitive information was compromised but not publicly posted.
