Cyber Incident Victim: Georgia Department of Human Services

The Georgia Department of Human Services (DHS) experienced a data breach between May 3, 2020, and May 15, 2020, during which unauthorized actors gained access to multiple employee email accounts. The intrusion was detected over the summer when officials confirmed the attackers had retained emails from the compromised accounts. The breached emails contained sensitive personal and health information pertaining to children and adults involved in cases managed by the Division of Family & Children Services (DFCS), specifically within the Child Protective Services (CPS) program. The agency disclosed the incident publicly on October 10, 2020, initiating notifications to affected individuals. The breach duration spanned nearly two weeks, with no indication of earlier detection or immediate containment during the active compromise period.

Exposed information varied by individual but included full names of children and household members, relationships to children receiving services, county of residence, DFCS case and identification numbers, dates of birth, ages, contact history with DFCS, medical contact appropriateness indicators, phone numbers, email addresses, Social Security numbers, Medicaid identification numbers, and medical insurance details. Medical provider names and appointment dates were also compromised. For 12 individuals, highly sensitive psychological reports, counseling notes, medical diagnoses, and substance abuse records were accessed. Bank account information was exposed for one individual. Georgia DHS established a dedicated phone line (1-888-304-102) for individuals to verify whether their data was impacted and provided no indication of broader system-wide compromises beyond the targeted email accounts. The agency did not disclose technical details about the attack methodology, remediation steps taken to secure the email systems, or the total number of affected individuals.