Cyber Incident Victim: Crawford County Assessor’s Office

On December 27, 2021, employees at the Crawford County Assessor’s Office in Arkansas discovered a cyberattack affecting their systems. The incident was reported by Crawford County Judge Dennis Gilstrap, who indicated staff noticed files missing from desktop folders on a primary office computer. While the exact nature of the attack remained unclear, the county immediately engaged Apprentice, its contracted cybersecurity provider, to address the situation. Apprentice responded by rapidly shutting down the affected servers to prevent further spread of the compromise. This containment action aimed to isolate the threat and minimize additional operational disruptions. No specific details were provided regarding the type of attack, such as ransomware or data exfiltration, nor was there confirmation of whether sensitive data was accessed or stolen. The incident disrupted normal operations at the Assessor’s Office, though the full scope of functional impacts was not detailed in initial reports.

Authorities did not disclose technical specifics about the attack vector, duration of unauthorized access, or whether other county systems were affected beyond the Assessor’s Office. Judge Gilstrap acknowledged uncertainty regarding precise technical terminology to describe the incident, reflecting limited initial forensic clarity. The county’s reliance on external cybersecurity expertise underscored the operational response strategy, with Apprentice leading containment efforts. No public statements referenced data recovery timelines, restoration processes, or whether law enforcement was notified. The incident highlighted vulnerabilities in local government infrastructure but yielded no confirmed information about threat actors, motives, or long-term consequences for county services or constituent data.