Three hostile foreign actors breached the federal courts document management system via “an incredibly significant and sophisticated” cyber attack more than 18 months ago, the chairman of the House Judiciary Committee said on Thursday.

Representative Jerrold Nadler, a New York Democrat, said that his committee learned in March of “the startling breadth and scope of the courts’ documents management system security failure.” He added that the hack had a “disturbing impact” on both pending civil and criminal litigation and national security.

In January 2021, the Administrative Office of the U.S. Courts said it was investigating “an apparent compromise” in its electronic case filing system, which enables attorneys to file case documents such as pleadings, motions and petitions with courts online. The office said the breach occurred as a result of vulnerabilities in its electronic case filing system that risked compromising sensitive sealed filings.

Sealed filings aren’t publicly available and can be kept from view due to a range of concerns spanning confidential personal and business information or national security secrets.

Matthew Olsen, assistant attorney general for the National Security Division at the Department of Justice, cited hacking threats from China, Russia, Iran and North Korea in response to Nadler’s concerns during a Thursday committee hearing, saying the challenge when it comes to nation-state cyber activity is “significant.” He referred to an ongoing investigation into the matter but gave no details. Nadler didn’t name the three hostile foreign actors or say how he learned of their alleged role.

Senator Ron Wyden, an Oregon Democrat, said the federal judiciary has yet to publicly explain what happened and has refused multiple requests to provide unclassified briefings to Congress. On Thursday, he accused the federal judiciary of concealing what happened and demanded more information.

“I write to express serious concerns that the federal judiciary has hidden from the American public and many members of Congress the serious national security consequences of the courts’ failure to protect sensitive data to which they have been entrusted,” Wyden said in a letter to the director of the Administrative Office of the U.S. Courts.

Wyden said the judiciary’s decentralized court system is flawed and has opposed congressional efforts to modernize, creating unmanageable security risks. He urged the federal judiciary to adopt a set of mandatory cybersecurity standards and audits that all federal courts would be required to follow.

Nadler said the breach wasn’t related to a cyber-espionage campaign that was revealed in December 2020 and affected nine federal agencies—including the Department of Justice—and about 100 businesses. U.S. officials blamed that attack, which partially relied on installing malicious code in updates for software made by SolarWinds Corp., on Russian state-sponsored hackers.

In January 2021, an Administrative Office spokesperson told Bloomberg Law that they believed the apparent compromise was tied to the broader SolarWinds-related hacks.

“As we said in January 2021, the judiciary faces a significant threat to our electronic case management system,” the office said in a statement released later on Thursday. “Since that time, we have taken and continue to take significant actions to protect our systems and the sensitive information they contain.”

The statement did not say whether the breach referred to at the hearing was believed to be connected to the one disclosed last year.