Cyberattack hits Georgia county at center of voting software breach

State officials in Georgia have severed Coffee County’s access to statewide election systems while the breach is being addressed.
Stickers sit on a table at a polling location on November 8, 2022 in Atlanta, United States. (Photo by Megan Varner/Getty Images)

The computer infrastructure of a Georgia county at the center of an effort to falsely claim that the state’s 2020 presidential election was marked by fraud was struck by a cyberattack earlier this month that prompted state officials to sever Coffee County’s access to statewide election systems. 

In a statement Friday, the Coffee County Board of Commissioners said that the county was notified by the Cybersecurity and Infrastructure Security Agency on April 15 about unusual cyber activity in Coffee County’s IT infrastructure.

“Upon examination, Coffee County’s IT infrastructure showed no evidence of exfiltration of data/files, but did indicate cyber-activity by an unknown malicious actor,” the county board said, adding that it declared a cyber incident and took steps to secure its systems. 

The incident prompted state election officials to shut down Coffee County’s access to Georgia’s statewide voter registration system, known as GARViS, “out of an abundance of caution,” according to a notice sent by Georgia’s Secretary of State’s office obtained by CyberScoop. 


Coffee County election officials were also “barred” from accessing other state systems, including an election management suite known as ePulse, the election night reporting system and other state systems “until the security threat is cleared,” according to the note. 

The note added that there is no evidence “that this is an issue or attack impacting other counties, however attacks can be done sequentially, impacting one county, then another.”

“We took immediate action on April 16th, before Coffee County would acknowledge the issue, and cut them off from all of our systems immediately,” said Mike Hassinger, a spokesman for Georgia Secretary of State Raffensperger.

CISA referred questions about the incident back to Coffee County.  

The breach in Coffee County is the second incident in Georgia in which IT infrastructure has been breached in counties where former President Donald Trump or his allies are embroiled in legal battles related to his effort to overturn the results of the 2020 election. 


Earlier this year, Fulton County, Georgia, was struck by a ransomware attack believed to have been carried out by the Russian criminal gang known as LockBit. Prosecutors in Fulton County have indicted Trump alongside his lawyer, Rudy Giuliani, and his former chief of staff, Mark Meadows, for their attempts to change the outcome of the 2020 election. 

In Coffee County, Trump allies are alleged to have unlawfully obtained voting machine software in what ​​is considered one of the most serious breaches of voting equipment in recent memory. 

The extent of the cyberattack on Coffee County remains unclear, as is who was behind it. The number of impacted systems is also unclear, but some parts of Coffee County’s website were down Thursday and Friday. County officials have been responding to public records requests this week by claiming the county archiver is down for maintenance.

Tim Starks contributed reporting to this article.

Updated April 27, 2024: This article has been updated with comment from the Georgia Secretary of State’s office.

Latest Podcasts