Hackers Breach Georgia Court Clerks’ Authority, Shutting Down Online Services

The Georgia Superior Court Clerks’ Cooperative Authority said it recently fell victim to a significant data security incident in which threat actors accessed its internal network, forcing the agency to limit access to its website and related services.

 

The Georgia Superior Court Clerks’ Cooperative Authority is responsible for maintaining Georgia’s Uniform Commercial Code (UCC) filing index, updating real estate and personal property records, administering the state’s central notary public database, and managing a statewide repository of civil case filings.

 

In a data security incident notice, GSCCCA said that due to a “credible and ongoing cybersecurity threat” the organisation has activated its defensive security protocols that has forced the agency to temporarily take its website and other related services offline.

 

“Due to a credible and ongoing cybersecurity threat, the Clerks’ Authority activated its defensive security protocols, which include temporarily restricting access to its website and related services. We are committed to ensuring that our systems will be operational as soon as possible. 

 

“However, out of an abundance of caution, we continue to test and analyse our systems before they are made accessible to ensure maximum safety. We apologise for the inconvenience, and we appreciate your patience,” GSCCCA said.

 

The organisation has not released information about the cyber attack or its specifics, however, its website remained offline at the time of publication.

 

 

 

On November 22, Devman ransomware group announced that it had infiltrated the internal network of the Atlanta-based organisation, listing GSCCCA as a victim of its cyber attack on the group’s data leak site. The group claimed to have stolen 500GB of confidential data from the company’s internal network and warned it would leak the information if its $400,000 ransom demand is not met.

 

Devman, a ransomware group, started publicly attributing attacks to itself on its leak site in April 2025. Since then, it has claimed responsibility for breaches affecting over 50 organisations, such as Thailand’s Ministry of Labor, Kenya’s National Social Security Fund, and Spain’s Ayuntamiento de Níjar.