The Free Law Project discovered the major security vulnerability and has formally notified the Administrative Office of the Courts with details (not yet public) of what they found.
From the Free Law Project:
At this time, as part of a responsible disclosure process, we have notified the appropriate parties at The Administrative Office of the Courts, the agency that runs PACER. According to industry norms, we have given them a broad 90 day window to resolve the vulnerability.
More in the complete blog post along with info about how to contact the Free Law Project with questions.