Pulaski County, Arkansas Clerk’s Office Confirms January Cyberattack After Months of Silence
Nearly three months after a prolonged systems outage, officials in Little Rock, Arkansas, have publicly confirmed that the Pulaski County Circuit and County Clerk’s Office was the target of a cybersecurity incident on January 16, 2025. The attack halted essential public services including marriage licensing, voter registration, and real estate documentation. At the time, the office cited technical difficulties without acknowledging the potential for a cyberattack. On April 8, County Clerk Terri Hollingsworth officially confirmed the incident was cybersecurity-related, crediting her IT staff for limiting its impact and restoring most services within the first week. Officials maintain that no personal data was stolen.
The county contracted Heartland Business Systems to conduct forensic analysis, assess the point of entry, isolate affected systems, and initiate a dark web exposure scan to check for leaked data. The office has since adopted several defensive measures, including transitioning from ".com" to ".gov" email domains, implementing an anti-phishing system, and training staff to detect suspicious messages. All major services have resumed. However, the contract’s language and scope suggest the attack may have involved deeper system access than initially disclosed.
The delay in publicly acknowledging the cyberattack raises transparency concerns, particularly given the critical nature of the Clerk’s Office in handling sensitive legal and civic data. While officials report no evidence of a breach, cybersecurity experts note that dark web scans are limited in scope and do not definitively rule out data exfiltration. In many past incidents, breaches were confirmed only months after initial denials. The Pulaski County case underscores the importance of timely public disclosure and proactive security communication, especially as local governments face escalating digital threats.