Threat Watch

Cyberattack on Records Vendor Affects Scores of U.S. Counties

Cott Systems, a cloud-based digital records management vendor, informed its customers that an “organized cyberattack” had hit the company systems and resulted in “unusual activity” on its servers on December 26th. The company responded by unplugging its servers to isolate the intrusion. Cott Systems helps manage government data including public records, land records and court cases. The company serves over 400 local governments across 21 states and has long-standing associations with several national and international bodies, according to its website.

The server suspension forced hundreds of local governments to resort to manual processes, slowing down the processing of birth certificates, marriage licenses and real estate transactions. The company notified the FBI and the Department of Homeland Security of the incident but says there is no “absolute” timeline for service resumption of its entire product line, which includes five systems used by local clerks and recorders to manage public and land records, property deeds, and court cases. In the notification to Rockland County on Monday, Cott Systems CEO Deborah Ball confirmed that the company’s databases “are in good order” and that 93% of its infrastructure had been fixed. She added that none of the company’s data had been lost or damaged.


To protect against similar cyber-attacks, organizations should:

• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan
• Install updates/patch operating systems, software, and firmware as soon as practical after they are released.
• Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats
• Use multifactor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts and avoid reusing passwords for multiple accounts.
• Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.