Hackers targeted Georgia’s SNAP benefits call center, operated by **Conduent**, via a cyberattack on its **interactive voice response (IVR) system** using bots. The attack disrupted services, forcing system downtime over the weekend and again on Tuesday, while attempting to improperly access **EBT account information** (including benefit balances). Though unconfirmed, the breach aligns with broader **international crime ring activities** cloning POS terminals to steal **hundreds of millions in taxpayer-funded SNAP benefits**—with a **350% fraud surge in Q4 2024**. Authorities urged cardholders to change PINs and lock accounts via Conduent’s **ConnectEBT app**, highlighting systemic vulnerabilities in third-party benefit distribution systems. The incident compounds ongoing **EBT scams** where funds vanish within minutes across multiple states, often through unauthorized retailers. Conduent acknowledged 'unusual call spikes' but avoided confirming a breach, citing generic fraud prevention measures like 'intelligent voice detection.'
TPRM report: https://www.rankiteo.com/company/conduent
"id": "con1965119090625",
"linkid": "conduent",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands of SNAP beneficiaries '
'in Georgia (exact number '
'unspecified)',
'industry': 'Public Welfare',
'location': 'Georgia, USA',
'name': 'Georgia Department of Human Services (DHS)',
'type': 'Government Agency'},
{'customers_affected': 'SNAP beneficiaries using '
'Conduent’s IVR system in '
'Georgia',
'industry': 'Business Process Services',
'location': 'Global (HQ in Florham Park, NJ, USA)',
'name': 'Conduent',
'type': 'Private Contractor'}],
'attack_vector': ['Bot Attack',
'IVR System Exploitation',
'Credential Stuffing (implied by PIN change advisory)',
'Point-of-Sale (POS) Terminal Cloning (linked broader '
'fraud)'],
'customer_advisories': ['Use ConnectEBT app to monitor accounts and lock '
'cards',
'Report fraud to USDA OIG via phone/online'],
'data_breach': {'data_exfiltration': 'Unconfirmed (attempted but not '
'verified)',
'personally_identifiable_information': ['EBT Card Numbers '
'(likely)',
'PINs (if '
'compromised)'],
'sensitivity_of_data': ['EBT Account Balances',
'PINs (potentially)']},
'date_detected': '2025-XX-XX (exact date not specified; attack occurred on a '
'Monday earlier in the week of reporting)',
'date_publicly_disclosed': '2025-XX-XX (reported by Atlanta News First; exact '
'date not specified)',
'description': 'Hackers targeted Georgia’s privately contracted SNAP benefits '
'call center in a cyberattack, using bots to attack Conduent’s '
'interactive voice response (IVR) system. The attack disrupted '
'services and attempted to improperly access EBT account '
'information. The incident is part of a broader trend of '
'EBT/SNAP fraud linked to international crime rings, with $350 '
'million stolen in taxpayer dollars last year alone. The call '
'center was temporarily shut down, and officials advised '
'cardholders to change their PINs and lock their cards via the '
'ConnectEBT app.',
'impact': {'brand_reputation_impact': ['Negative publicity for Conduent and '
'Georgia DHS',
'Erosion of trust in EBT system '
'security'],
'customer_complaints': ['Dozens of reports from Georgia and other '
'states about stolen benefits'],
'downtime': ['Call center down over the weekend (2+ days)',
'Additional outage on Tuesday morning'],
'financial_loss': '$350 million (nationwide EBT fraud in 2024; '
'specific loss from this incident unclear)',
'identity_theft_risk': ['Low (primary risk is financial theft, not '
'identity theft)'],
'operational_impact': ['Disruption of SNAP benefits access for '
'Georgia residents',
'Increased customer support burden',
'Manual PIN reset/locking required for '
'cardholders'],
'payment_information_risk': ['High (EBT account balances and PINs '
'targeted)'],
'systems_affected': ['Conduent’s IVR System',
'ConnectEBT App (indirectly, via advisory)',
'EBT Card Transactions']},
'initial_access_broker': {'entry_point': ['IVR System Exploitation',
'Bot-Based Call Flooding'],
'high_value_targets': ['EBT Account Balances',
'PINs']},
'investigation_status': 'Ongoing (as of report)',
'lessons_learned': ['Need for stronger authentication in IVR systems (e.g., '
'MFA)',
'Proactive bot mitigation strategies for call centers',
'Importance of real-time transaction monitoring for EBT '
'fraud',
'Public awareness campaigns for cardholder security '
'(e.g., PIN changes, card locking)'],
'motivation': ['Financial Gain',
'Fraudulent Transactions',
'Theft of Taxpayer Funds'],
'post_incident_analysis': {'corrective_actions': ['Deployed enhanced bot '
'detection (per Conduent’s '
'July 2025 press release)',
'Temporary call center '
'shutdown to contain attack',
'Public campaign for PIN '
'resets and card locking'],
'root_causes': ['Inadequate bot protection in IVR '
'system',
'Lack of real-time fraud detection '
'for EBT transactions',
'Weak authentication for call-in '
'account access']},
'recommendations': ['Implement MFA for EBT account access via IVR/call '
'centers',
'Enhance bot detection with AI/ML-based anomaly detection',
'Expand use of the ConnectEBT app’s security features '
'(e.g., card locking)',
'Collaborate with USDA/Secret Service to disrupt '
'international fraud rings',
'Audit and update POS terminal security to prevent '
'cloning'],
'references': [{'date_accessed': '2025-XX-XX',
'source': 'Atlanta News First',
'url': 'https://www.atlantanewsfirst.com/ (hypothetical; '
'exact URL not provided)'},
{'source': 'USDA Press Release (May 2025)'},
{'source': 'Conduent Press Release (July 22, 2025)'}],
'regulatory_compliance': {'regulatory_notifications': ['USDA and Secret '
'Service involved in '
'broader fraud '
'investigations']},
'response': {'communication_strategy': ['Public advisory via Georgia DHS',
'Media statements to Atlanta News '
'First',
'Direct notifications to cardholders '
'(implied)'],
'containment_measures': ['Blocked suspicious inbound calls',
'Shut down call center temporarily'],
'enhanced_monitoring': ['Ongoing monitoring of IVR system for '
'suspicious activity'],
'incident_response_plan_activated': 'Yes (Conduent blocked '
'suspicious activity at '
'Georgia’s request)',
'law_enforcement_notified': ['USDA Office of Inspector General',
'U.S. Secret Service (linked to '
'broader fraud investigations)'],
'recovery_measures': ['Call center restoration (ongoing as of '
'report)',
'Monitoring via ConnectEBT app'],
'remediation_measures': ['Enhanced bot detection in IVR system '
"(pre-existing 'intelligent voice "
"systems')",
'Advisory for PIN changes and card '
'locking']},
'stakeholder_advisories': ['Georgia DHS advisory to change PINs and lock EBT '
'cards',
'USDA/Secret Service warnings about international '
'fraud rings'],
'threat_actor': ['Unidentified Hackers',
'International Crime Rings (linked by USDA/Secret Service)'],
'title': 'Cyberattack on Georgia’s SNAP Benefits Call Center Operated by '
'Conduent',
'type': ['Cyberattack',
'Fraud',
'Unauthorized Access Attempt',
'Service Disruption'],
'vulnerability_exploited': ['Weaknesses in IVR System Authentication',
'Lack of Multi-Factor Authentication (MFA) for '
'Call-In Access',
'Insufficient Bot Detection/Prevention']}