In April 2024 [5], Coffee County in Georgia faced a cyber-incident that led to the disconnection of the county from the state’s voter registration system, GARViS [1] [2] [5] [6] [7], as a precautionary measure [1] [3] [5].


The Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) detected unusual cyber activity on April 15, 2024 [4] [6], prompting a thorough examination of the county’s IT systems. Federal authorities suspected a ransomware attack and are collaborating with Coffee County to identify the perpetrators. While cyber activity by unknown malicious actors was confirmed [4] [6], no data exfiltration occurred [4] [5] [6]. County officials were disconnected from GARViS for several days as a precaution [1], although GARViS itself remained uncompromised [2]. Measures have been implemented to enhance network security [2], with officials now reconnected via backup laptops and isolated cellular networks [1] [5]. This incident follows a previous hacking attempt in January 2021 [6], raising concerns about potential cyber-attacks on US election infrastructure ahead of upcoming elections [2].


The cyber-incident in Coffee County underscores the importance of safeguarding election infrastructure against cyber threats. By taking proactive measures to secure networks and collaborate with federal authorities, officials can mitigate risks and protect electoral integrity. This incident serves as a reminder of the ongoing challenges in defending against cyber-attacks and highlights the need for continued vigilance in safeguarding election systems.