Cyber Incident Victim: United States of America
Date:
Nov 2022
Location:
United States of America
Summary
A cyber attack disrupted operations in over thirty Arkansas counties utilizing Apprentice Information Systems (AIS) for government services, forcing offices offline or prompting temporary closures. Affected counties reverted to manual processes such as handwriting records, significantly impeding services including tax payments, deed filings, and marriage license issuance. AIS confirmed a potential security breach and proactively took systems offline to investigate, though restoration timelines remained unclear, with some officials anticipating at least two days of downtime. While the attack impacted assessor, collector, clerk, and treasurer offices across multiple jurisdictions, election systems remained unaffected as they operated on separate servers. Public records stored in assessor databases were among the compromised data, though the motive behind targeting this information was unclear.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber attack targeting Apprentice Information Systems (AIS), a Rogers-based software provider for Arkansas county government offices, disrupted operations in at least 31 counties starting November 5-6, 2022. The incident forced multiple county offices—including assessors, tax collectors, clerks, and treasurers—to take systems offline or close temporarily. AIS detected a potential security breach and proactively disconnected affected systems to investigate threats, though the company did not disclose the attack vector or perpetrator. Counties reliant on AIS for property assessment, tax payment, deed filing, marriage license issuance, and land record management reverted to manual paper processes, with White County Assessor Gail Snyder describing operations as reverting to "the eighties." At least three counties (Saline, Faulkner, and White) implemented office closures or restricted services, while Arkansas, Pike, and Van Buren Counties lost all internet connectivity for government offices. Yell County Assessor Sherry Hicks warned residents that systems would remain offline for at least two days, halting nearly all property and tax-related transactions.
AIS CEO Doug Matayo confirmed the breach through a statement but provided no restoration timeline, stating counties would be brought back online only when "safe and prudent." The outage affected AIS-managed servers hosting public records like property assessments and marriage licenses, though Faulkner County officials confirmed election systems remained operational on separate infrastructure. Garland, Hot Springs, and Jefferson Counties avoided disruption by using alternative software providers. White County maintained limited in-person services using paper records requiring future data entry, while other counties posted closure notices or service limitations. AIS did not specify whether data was exfiltrated or encrypted, and county officials expressed uncertainty about the attackers' motives given the public nature of the affected records. No ransomware claims or specific threat actors were identified in available reports as of November 6.