Cyber Incident Victim: Hall County Government

Date: Oct 2020

Location: United States of America

Summary

A ransomware attack targeted a Georgia county government, with the DoppelPaymer gang encrypting devices and subsequently leaking stolen unencrypted data, contradicting initial assessments that no information was compromised. The exposed files included voter registration records containing names, addresses, and ballot assignments—primarily public information—along with election materials, financial documents, and at least one instance of a voter's social security number. While much of the leaked data was publicly accessible, its release created risks of misuse for targeted phishing campaigns or voter intimidation, particularly amid broader concerns about foreign interference in electoral processes. The incident disrupted county networks and phone systems.

Description

On October 7, 2020, Hall County, Georgia, publicly disclosed a ransomware attack that disrupted its networks and phone systems. The county initially asserted no evidence indicated citizen or employee data compromise but advised precautionary monitoring of personal information. The DoppelPaymer ransomware gang later claimed responsibility, encrypting 2,464 devices during the intrusion. On October 29, 2020, the group published over 1 GB of unencrypted files stolen from county systems, contradicting Hall County’s earlier assessment. The leaked data included 911 spreadsheets, lobby comment cards, accounting records, and election-related documents. Attackers exfiltrated this information prior to deploying ransomware, though the county’s initial statement did not acknowledge data theft.

The released election documents contained ballot proofs, poll worker lists, administrative files, and voter registration records with voter IDs, full names, addresses, and assigned ballots—primarily public information under Georgia law. One document exposed a voter’s Social Security number, introducing identity theft risks. While most leaked data was publicly accessible, cybersecurity experts warned the information could facilitate targeted phishing campaigns or voter intimidation tactics. This concern followed recent U.S. government disclosures of Iran-linked voter intimidation emails impersonating the Proud Boys group, though no direct connection between those incidents and the Hall County breach was established. The county did not release additional statements following the data leak or detail remediation efforts beyond its initial advisory.
