Cyber Incident Victim: Georgia Department of Human Services
Date:
Jul 2025
Location:
United States of America
Summary
A cyberattack targeted the Georgia Department of Human Services' third-party contractor Conduent, disrupting the state's SNAP benefits call center and interactive voice response system through bot-driven attempts to improperly access electronic benefit transfer accounts. The incident forced service outages and prompted officials to advise cardholders to change PINs and monitor accounts via the ConnectEBT platform, though the department did not confirm whether account information was compromised. Conduent acknowledged blocking suspicious activity but did not explicitly confirm the attack, while broader context indicates ongoing EBT fraud linked to international criminal organizations cloning point-of-sale terminals to steal benefits.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 1, 2025, the Georgia Department of Human Services (DHS) disclosed a cyberattack targeting the state’s Supplemental Nutrition Assistance Program (SNAP) electronic benefits call center, operated by third-party contractor Conduent. The incident occurred on Monday, July 28, 2025, when automated bots attacked Conduent’s interactive voice response (IVR) system—a phone-based platform enabling beneficiaries to check benefit balances and account details. This forced a service disruption and involved attempts to improperly access EBT accounts, though DHS did not confirm whether hackers successfully obtained information. Conduent acknowledged detecting an “unusual spike in inbound calls” but avoided explicitly confirming a cyberattack, stating such attempts were common in call center environments. At Georgia’s request, Conduent blocked suspicious activity and continued monitoring systems. The call center remained offline over the weekend following the attack and experienced additional downtime on Tuesday, July 30, as investigations proceeded.
The attack occurred amid heightened concerns about large-scale EBT fraud nationally, with $350 million stolen from SNAP accounts in 2024 alone and a documented 350% increase in fraud during Q4 2024. DHS urged Georgia SNAP recipients to change their EBT card PINs and use Conduent’s ConnectEBT app—launched in 2024 with card-locking capabilities—to monitor accounts. The incident aligned with patterns identified by federal agencies: The USDA and U.S. Secret Service had previously linked similar fraud to international crime rings cloning point-of-sale terminals to drain benefits within minutes of deposit. While Conduent had publicly announced enhanced EBT fraud prevention measures on July 22, 2025—including “intelligent voice systems to detect suspicious calls”—the company declined to elaborate on these safeguards or the attack’s specifics. DHS and Conduent maintained ongoing investigations but provided no further details about attacker origins, compromised account volumes, or long-term system modifications.