Charles Roberts ran a legitimate operation in Henry County, Georgia. His business registration was public record, which meant the state's online portal listed his company name, officer information, and filing history for anyone who wanted it.
In the middle of the night, someone accessed the Georgia Secretary of State's portal and changed the officer information on his company. They didn't break in. They used the system the way it was designed to be used. By morning, a criminal had legal-looking documentation of a business they now controlled on paper.
The only reason it didn't proceed further was a PNC Bank employee who noticed the officer change had occurred hours before someone walked in to open a new account.
The registration record functioned exactly as designed, which is the problem. Public access is the feature. The audit trail is the attack surface. The small business owner who built something legitimate spent years creating a public footprint that required zero specialized knowledge to weaponize.
How many states does a small business owner have to file in before someone maps the full exposure?
RuleDraft