A cut to federal food assistance is looming, but residents have been struggling with the program for months. A cyber-attack in July targeted a phone system that lets people call about their account information. When Julia Smith, 33, qualified for the federal Supplemental Nutrition Assistance Program in late August, she expected to be able to use her benefits. But obtaining access to her card was complicated by a disruption at a call center a month earlier. Suzanna Smith, 30, who lives with her sister Julia and is her caregiver, said they were not able to activate the Electronic Benefits Transfer card with the phone number provided. When they went to the Georgia Department of Human Services to ask for guidance, they were given instructions to access Julia’s account online, but that didn’t work either, Suzanna said. “It’s put a strain on our family, to say the least,” said Brooklyn of Peachtree Corners.[1]
The more than 40 million Americans who depend on SNAP, also known as food stamps, are bracing for their benefits to be cut on 1 November when the Trump administration says money for the program will run out because of the federal government shutdown. But Julia and other Georgians have been struggling with the program for months.
An incident targeting a phone system that allows Georgia SNAP recipients to call about their account information occurred on July 28. DHS has called it a cyber-attack. The system is operated by Conduent, Georgia’s EBT card vendor. According to DHS emails reviewed by The Atlanta Journal-Constitution, the department shut down the call center on 1 August and put out a statement on 4 Augus, saying Conduent was investigating the attack and planned to reboot the system on 5 August. The department also said some SNAP beneficiaries’ cards would be locked before their monthly benefits distribution date because of activities during the initial attack.
After the reboot, DHS put out another statement saying it instructed Conduent to temporarily shut down the call center, but months later, it remains offline. Conduent characterized what DHS has called a “cyber-attack” differently. In a statement, the company said its phone system “detected an unusual spike in inbound calls. Such attempts are often experienced in a call center environment and Conduent, at the State of Georgia’s request, took steps to block suspicious activity,” the company said in a statement.
While the call center is down, DHS has encouraged cardholders to download Conduent’s app, ConnectEBT, and lock their cards between purchases. The department’s website says that anyone who has trouble accessing the app can log in to their account through the ConnectEBT website.
Suzanna Smith said she and Julia attempted to log in to the app and the website to activate Julia’s card but could not set up an account. They reached out for help multiple times, including by email and in person at a Division of Family and Children Services office in Gwinnett County, and still could not remedy the problem, Suzanna said.
The Smiths were instructed to reach out to Conduent, and they tried multiple times. But the company didn’t call back, Suzanna said. “When I was looking this up, people were talking about it, but are people waiting months? That’s the confusion I had,” she said. “Are we doing something wrong at this point, because it’s been a hot minute?”
After contacting the governor’s office, Julia Smith was able to resolve the problem and access her benefits on 17 October, more than two months after she qualified for SNAP. But now her November benefits could be in jeopardy.
DHS announced last week that money for the federally funded program will halt next month if the government shutdown persists. That would leave the 1.3 million low-income Georgians enrolled in SNAP without November benefits money to purchase groceries.
Emails from the days after the call center incident, obtained through the Georgia Open Records Act and first reported by 11Alive, show the call center was hit with a surge of inbound calls on 28 July. The emails also revealed that leaders at DHS and Conduent debated how to characterize the July incident, whether accounts were compromised by the disruption, and how the agency and vendor would reissue cards for accounts that it identified as accessing the call center on 28 July.
In one email on July 29, a Conduent staff member said there is no evidence that an account had been compromised. In a separate email exchange on 31 July, a company staff member took issue with calling the incident a “cyber-attack.” “At this point, we feel the use of the word ‘cyber-attack’ is a mischaracterization of the situation and could cause reputational harm to our company,” wrote one Conduent staff member. The emails also show tension between the agency and the company.
In a 5 August email, Georgia DHS Commissioner Candice Broce demanded access to data and expressed her “resentment” toward Conduent’s leadership. “We are being forced to limit entitlement access to the most vulnerable people, including disabled adults and thousands of children going back to school as we speak, to prevent their financial destruction,” she wrote. “They are going to go hungry unless you, our vendor, and your vendors get your act together.”
In another exchange on 7 August, Broce reiterated requests for replacement cards for accounts accessed by the call center on 28 July. Emails show the company reissued more than 45,000 new cards for accounts the DHS feared might be compromised.
A DHS spokesperson said in a statement to The Atlanta Journal-Constitution the department has been working with Conduent to help clients whose cards were reissued after the July cyber-attack. But the spokesperson did not directly address multiple questions from the AJC about the incident, including why the call center is still offline, when it is expected to come back online, and why some SNAP recipients have struggled to access their cards.
In a written statement, the agency said it created a form for “clients in need of assistance troubleshooting their EBT card.” The spokesperson also said the agency’s staff have been working with clients “where possible.” A DHS spokesperson said the department is reviewing its legal options with the state attorney general’s office to hold Conduent accountable while still serving SNAP beneficiaries.
In a statement, Conduent said the call center remains offline at the state’s direction as a “precautionary step.” Conduent did not provide specifics about the July 28 incident and referred to the AJC to DHS for any additional questions.
Meanwhile, the approximately 1.3 million low-income Georgians enrolled in SNAP remain without access to the call center and answers about when service will be restored.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.govtech.com/security/amid-shutdown-cyber-attack-thwarts-georgia-snap-recipients
Comments