Cyber Incident Victim: Cott Systems
Date: Dec 2022
Location: United States of America
Summary
A cyberattack targeting Cott Systems, a vendor providing cloud-based government records management, disrupted operations for hundreds of U.S. counties across multiple states. The incident forced local governments to revert to manual processes such as pen-and-paper record-keeping, significantly slowing vital services including real estate transactions, marriage license issuance, and access to property deeds and court documents. While the vendor isolated its systems by disconnecting servers and confirmed no data loss or damage, the outage persisted with no definitive restoration timeline. Federal agencies including the FBI and Department of Homeland Security were engaged to investigate the attack, which the company attributed to an international criminal group. Affected counties reported operational delays, with some implementing workarounds for limited record access while recovery efforts involving multiple cybersecurity teams continued.
Description
On December 25, 2022, Cott Systems, a cloud-based provider of government records management solutions, detected potentially malicious files within its infrastructure as part of an organized cyberattack that disrupted services for hundreds of U.S. counties. The company, which supports over 400 local governments across 21 states with systems for managing public records, land deeds, court cases, and vital documents, immediately unplugged its servers to isolate the intrusion, as confirmed in a notification shared with New York’s Rockland County. By December 26, Cott formally acknowledged the incident, characterizing it as an "organized cyberattack" that caused "unusual activity" on its servers. The server suspension forced county offices to revert entirely to manual processes, including pen-and-paper record-keeping, physical timestamping of filings, and searches through microfilm or physical books. Immediate impacts included the inability to issue marriage licenses, process real estate transactions, or update vital records like birth and death certificates electronically. At least six North Carolina counties (Nash, Halifax, Edgecombe, Greene, Pamlico, and Jones) were locked out of their online systems, with Nash County reporting a complete halt to real estate transactions and marriage license issuance. Similar disruptions affected Livingston Parish in Louisiana, where staff manually searched physical copies for records, and counties in Connecticut and Mississippi reported operational slowdowns. Cott notified the FBI and Department of Homeland Security of the incident but declined to publicly identify the threat actor, citing an ongoing investigation into a global criminal group known to law enforcement.

The cyberattack caused widespread operational delays, with county clerks describing workflows as "much slower" due to manual workarounds. Cott Systems CEO Deborah Ball confirmed in a December 26 update to Rockland County that no data was lost or damaged, with databases remaining "in good order," and 93% of the infrastructure restored. However, the company provided no absolute timeline for full service restoration across its five affected systems, which managed public records, land deeds, court cases, and property transactions. Daily updates were provided to county clients, including Onondaga County in New York, where online access to deeds, mortgages, and business certificates remained offline, though court records could still be accessed via a state website. Cott engaged two external cybersecurity teams to investigate the incident but withheld details on the attack’s origin, indicators of compromise, or whether ransomware was involved. The FBI and DHS continued investigating the threat group responsible, which operated internationally. While some counties, like Jones County in North Carolina, maintained limited operations at reduced speeds, others, such as Greene County, faced complete stoppages for marriage licenses and indexing. The incident underscored dependencies on third-party vendors for critical government functions, with recovery efforts extending into late December without a definitive resolution date.
