Cyber Incident Victim: Scotland County

On December 18, 2023, Scotland County, North Carolina, experienced a cyber incident that prompted an ongoing response from cybersecurity officials. The Scotland County Board of Commissioners, led by Chairman Tim Ivey, declined to disclose specific details about the attack while recovery efforts remained active. Ivey confirmed the county’s IT service provider, VC3, and unspecified state cybersecurity officials were working to contain and resolve the incident. He cited operational security concerns as the primary reason for withholding information, stating that revealing mitigation strategies could enable attackers to circumvent defenses. County Manager April Snead acknowledged operational disruptions, noting all county departments were functioning at reduced speeds but improving daily. Phone lines and citizen services remained accessible throughout the incident, though residents were advised to expect delays. No ransomware groups, data compromise specifics, or attacker origins were disclosed by officials.

The county maintained essential services despite persistent system inefficiencies, with Snead emphasizing gradual progress toward normal operations. No timeline for full restoration was provided, and commissioners did not discuss financial impacts, data recovery status, or forensic findings publicly. The incident did not halt routine governance activities, as evidenced by the board’s concurrent discussions about property sales and appointments to local committees. Recovery priorities focused on restoring pre-incident service levels while preserving investigative secrecy. No law enforcement involvement, ransom demands, or citizen data breaches were mentioned in available statements. County leadership reiterated their commitment to transparency once remediation concluded but offered no further incident-related updates beyond confirming sustained response efforts.