By Tracy Roche
April 29, 2025 – Florida’s legal system is reeling from a wave of compromised Florida Bar usernames and passwords that have enabled fraudsters to masquerade as attorneys online. Using stolen attorney credentials, threat actors have filed false court papers through Florida’s statewide e-filing portal, blindsiding judges and victims. While examples and accounts of the damages caused by scammers and cyber threat actors have been documented for years, little has been done with respect to addressing the core roots of the problem. One major issue lies in how attorneys initially obtain electronic filing credentials. Another is the lack of a requirement of two-factor authentication when filing court documents under an attorney’s assigned bar number.
Almost seven years ago, in one brazen 2018 scam, an identity thief registered a phony e-filing account under a real lawyer’s name and Bar number – then filed motions to steal $130,000 in surplus foreclosure funds from a court registry. A judge, unaware of the deceit, signed an order disbursing the money, which the scammer promptly looted. The innocent attorney, whose identity was hijacked, only learned of the scheme when a complaint was filed after the funds vanished without any means to recover the funds. This incident and countless others exposed a disturbing truth: The Florida Courts E-Filing Portal had minimal verification safeguards. “All it takes to open an e-filing account is to fill out online forms using a lawyer’s name, Bar number, email address, and physical address,” said one Florida Bar official warning at that time of how unchecked electronic filing access is for attorneys to procure their credentials.
In other words, hackers didn’t even need to crack passwords – they could create “attorney” accounts with publicly available info. Nothing seemingly has changed except that the scams have evolved and the consequences have been far-reaching and dangerous.
Once inside the court system’s digital gates, fake filings can wreak havoc like a set of dominos falling. Add AI spoofing emails, voice cloning calls and deepfake video conference capabilities, not only have criminals managed to use hijacked lawyer logins to file phony pleadings that drop lawsuits, forge court orders, or misdirect settlement funds. In some instances, these threat actors start new law firms with fake credentials of one or more attorneys and repeat untold financial rewards without the authentic lawyers even having a clue. In each documented case where a forged and illegally filed court paper has been filed and then discovered, the affected parties and the courts must expend significant resources undoing and unwinding fraudulent filings and the burden is on the ‘real’ attorneys to not only prove their innocence but as one legal analyst stated ‘it’s hard to explain to a client why their case was dismissed on the eve of trial, but I can’t think of any client that would be willing to pay the bill to fix the damages caused, and in some instances, there would be no way to restore the status quo.”
In fact, there is no reported case where the ‘real’ lawyer learned that their credentials were compromised in time to avoid serious damages, and if this deepfake causes a court to enter an order based on the fraudulent filings, not only has the damage been done to the client but also to the lawyer’s reputation. “It’s not something that a lawyer would want to talk about or report themselves to the Florida Bar for fear that they would be subject to investigation for how it came to pass that their credentials were stolen” said one former bar prosecutor who worked for the Florida Bar’s Fort Lauderdale Branch before entering private practice.
The Florida Bar has sounded alarms about these scams, noting that nameless, faceless cybercriminals are exploiting lawyers’ reliance on the e-filing system. As one Florida Bar Journal article put it, “Florida attorneys are routinely targeted by cybercriminals” who leverage any opening to gain access to court proceedings for profit. And, there have been no shortage of recent reporting that hackers successfully targeted the federal electronic filing and case reporting system known as PACER back in late 2024. However, there have been no changes to the electronic filing rules which would require enhanced security such as two factor authentication and the only notable changes coming in the form of optional cyber-security plans for Florida law firms.
Attorneys Suspended for Ignoring Bar Inquiries – By the Numbers
Alarmingly, compromised accounts don’t just enable financial fraud – they can also get attorneys in professional trouble. When suspicious filings occur or complaints are lodged, the Florida Bar sends official inquiries to the attorney of record. But if a hacker has altered contact info or the attorney is unaware (or overwhelmed), those inquiries may go unanswered – and the consequences are dire. Under Bar rules, failing to respond to an official investigation inquiry is contempt of court. The Bar will swiftly petition the Florida Supreme Court for an emergency suspension of the attorney’s license. These “petitions for contempt for failure to respond” have surged nearly one hundred percent between 2022 and 2024, which is also evidence that there are no measures at the Florida Bar to adjust to the issue of stolen credentials and manipulated bar records. In other words, while it is known that attorney credentials are being targeted and stolen to file fraudulent court papers, the means and methods to advise an attorney of an issue or bar complaint have not changed, for example, by incorporating a failsafe when an attorney does not respond to a bar inquiry, to attempt to contact that attorney by secondary ‘emergency’ means. Undoubtedly, it is on the attorneys to monitor their own records, however, if an attorney’s credentials have been compromised and they remain unaware due to the scammer’s doing, some claim the Florida Bar or local circuits courts should have mechanisms in place for the protection of the public to reach attorneys who may have been targeted.
In some cases, credentials of Florida Bar counsel themselves have been targeted allowing fraudsters to gain access to the Florida Bar network and possibly initial deepfake complaints and proceedings against attorneys. By some accounts, this could lead to having an attorney fight a fictitious bar proceeding while representing clients and because the stolen credentials would appear such that the Florida Bar is taking the action, courts and the Florida Bar itself would be in the same position of any other attorney whose electronic filing or emails had been hacked. In short, Florida Bar discipline proceedings could be prosecuted as any other proceeding if it were filed through stolen credentials causes irreparable harm to many but as one legal expert stated ‘this begins to call into question the integrity of our legal system as a whole.’
E-Filing Portal Breach Exposes Systemic Weaknesses
Central to this unfolding saga is Florida’s e-filing backbone, myflcourtaccess.com. This is the URL for the statewide portal operated by the Florida Courts E-Filing Authority (a body of the Florida Association of Court Clerks & Comptrollers). The portal’s tech is provided by CiviTek, a private company which also provides electronic platforms for other courts around the country. If CiviTek’s systems or the portal’s user database were compromised, every attorney’s username and password would be at risk – a fact not lost on cybercriminals. Thus far, officials have not announced a wholesale breach of the portal’s servers. But evidence suggests intrusions have occurred. In late 2020, the First Judicial Circuit’s courts were hit by a “security event” that forced them offline, though clerks’ records were reportedly unaffected. Around the same time, attorneys statewide began reporting strange filings under their names. The Florida Bar’s own news bulletins confirm multiple incidents of hacked or spoofed e-filing accounts. And in one extraordinary court meeting, officials disclosed that in February 2018 a fraudulent portal account had been opened with a real lawyer’s credentials to facilitate a scam – exactly the $130k foreclosure surplus theft referenced earlier. That revelation prompted the E-Filing Authority to finally tighten security, requiring additional verification that filers are the counsel of record in a case.
However, those measures address access to court files, not the front-door vulnerability of account creation and login. As of today, the portal still relies on username/password logins without two-factor authentication – a weakness which most experts agree is an easy fix to most compromises in an era of rampant phishing and data breaches.
When asked if their systems have been compromised, they often point out that scammers could just as easily file paper documents no matter what they did– a deflection that doesn’t inspire confidence to Harvey Rubin, the former Miami-Dade County Clerk of Courts.
Suspicious Domain Activity and Possible DNS Hijinks
Aggressive digging into internet records reveals more red flags. Several web domains related to Florida’s courts show suspicious activity in their DNS records, suggesting potential tampering or at least negligence. For example, Florida’s electronic filing portal url is myflcourtaccess.com and it is the legitimate e-filing portal used daily – but a very similar domain, myflcourts.org is not the official portal and was seemingly dormant until recently. Cybersecurity experts note that dormant domains with official-sounding names are ripe for exploitation. A threat actor who gains control of myflcourts.org, for instance, could configure it to intercept traffic or credential-reset emails intended for the real portal if any typos or misconfigurations occur. DNS hijacking is a very real threat: if hackers were able to redirect the nameservers for myflcourtaccess.com or flcourts.org (the judiciary’s main site), users and even court staff could be tricked by spoofed sites. This is not hypothetical – in 2020, federal courts warned of lookalike domains being used in phishing attacks.
These off-brand domains (myflcourts.org, myfloridacfo.org, etc.) often escape regular security audits. Investigators have found instances where such domains pointed to unusual servers or underwent sudden DNS changes, raising concerns that they were briefly hijacked. In an aggressive intrusion scenario, that domain could serve as a launchpad for malware or man-in-the-middle attacks on citizens trying to access court services.
Florida Bar Leadership Under Fire Amid Cybersecurity Crisis
Amid these external attacks, the Florida Bar’s own leadership has been mired in distraction. In a shocking development out of Coral Gables, Florida Bar President Roland Sanchez-Medina – a prominent Coral Gables attorney – was recently accused of misappropriating $625,000 from a client. A Bar complaint alleges he shuffled the money through various explanations and accounts, prompting an ongoing investigation. Sanchez-Medina vehemently denies wrongdoing, but the scandal has rocked the Bar’s top ranks and what is getting lost in the noise according to Attorney Jose Rodriguez is the focus on ensuring the security of Florida Bar attorney electronic filing credentials.
