A 24-year-old man from Springfield, Tennessee named Nicholas Moore admitted in federal court that he repeatedly hacked into the U.S. Supreme Court’s electronic filing system and other federal government networks, stole victims’ personal information using stolen login credentials, and publicly shared screenshots of that data on his Instagram account. Court filings show Moore accessed the Supreme Court system at least 25 times, as well as AmeriCorps and the Department of Veterans Affairs health portal, between 2023 and 2024, exposing names, addresses, security details, health information, and other sensitive material before pleading guilty to a misdemeanor computer fraud charge that carries a maximum penalty of one year in prison and up to $100,000 in fines. U.S. prosecutors continue to investigate how he obtained the credentials used in the attacks and confirmed the breaches involved multiple federal agencies’ systems.
Sources:
https://techcrunch.com/2026/01/16/supreme-court-hacker-posted-stolen-government-data-on-instagram/
https://www.justice.gov/usao-dc/pr/tennessee-man-pleads-hacking-us-supreme-court-americorps-and-va-health-system
https://www.securityweek.com/tennessee-man-pleads-guilty-to-repeatedly-hacking-supreme-courts-filing-system/
Key Takeaways
• A young defendant repeatedly accessed highly sensitive federal networks, including the U.S. Supreme Court, AmeriCorps, and VA systems.
• Stolen personal data was publicly posted on social media, highlighting significant gaps in federal cybersecurity protections.
• Prosecutors charged the defendant with a misdemeanor rather than felony counts, raising questions about deterrence and cybercrime sentencing practices.
In-Depth
In a case that underscores growing concerns over cyber vulnerability within critical federal systems, a 24-year-old Tennessee man named Nicholas Moore has pleaded guilty to hacking into the U.S. Supreme Court’s electronic filing system and other government networks and then posting stolen personal data from those systems on his Instagram account. According to the Department of Justice, Moore gained access to these networks not through brute force technology exploits or deep insider knowledge of federal infrastructure, but by using stolen login credentials belonging to authorized users — a fact that highlights the ongoing weak link in many cybersecurity frameworks: human authentication controls.
Moore’s actions, which took place over multiple months in 2023, involved at least 25 separate unauthorized entries into the Supreme Court’s electronic filing platform, where he downloaded and then publicly shared private information tied to the credential owner’s filings and account profile. In separate intrusions, he also accessed personal accounts within AmeriCorps, the organization that administers national service programs, and the Department of Veterans Affairs health system, removing sensitive personal and health information and exposing it via Instagram posts. Posting stolen data on social media may seem a bizarre, almost careless prank, but it served to amplify the seriousness of the crimes; victims’ names, contact information, health details, and other personal identifiers were broadcast to an audience far larger than any targeted exploitation might have reached.
Federal prosecutors charged Moore with a misdemeanor count of computer fraud, a surprising choice given the scale and implications of his actions. A guilty plea under this statute carries a maximum penalty of one year in prison and a $100,000 fine, a punishment many cybersecurity experts and conservative commentators argue is insufficient given the inherent risk posed by breaches of high-level systems. Critics of the plea deal emphasize that weak sentencing standards fail to deter would-be hackers, especially when breaches involve national institutions like the Supreme Court whose integrity underpins public confidence in rule of law.
The case therefore adds to broader debates about whether current cybercrime laws and penalties are robust enough to handle modern digital threats, particularly when government systems with sensitive personal data are involved. Moore’s sentencing, scheduled for April, will be watched closely not just by legal professionals but by federal agencies wrestling with how best to balance privacy, security, and the punitive measures necessary to protect public systems from similar attacks in the future.