EBT Cyberattacks: Multi-State Crisis Threatens Food Security for Millions

A coordinated wave of cyberattacks targeting Electronic Benefits Transfer systems across seven states in August 2025 has exposed critical vulnerabilities in America's food assistance infrastructure, leaving vulnerable families without access to essential benefits.

The August 2025 Multi-State Attack

On July 28, 2025, automated bots launched a sophisticated cyberattack against the Interactive Voice Response (IVR) systems used by Electronic Benefit Transfer (EBT) cardholders across multiple states. The attack initially targeted Georgia's SNAP call center, operated by third-party contractor Conduent, but federal officials have confirmed that Delaware, Indiana, Iowa, Ohio, Oklahoma, and Virginia also reported similar incidents.

Georgia at the Epicenter

Georgia bore the brunt of the attack, with the state's Department of Human Services confirming that bots "forced a disruption in service and attempted to improperly access accounts." The attack shut down the state's SNAP call center for over two weeks, leaving thousands of families unable to check their benefit balances or access account information.

Key impacts in Georgia:

• Call center remained offline for more than 14 days
• Specific groups of EBT cards were proactively locked as a security measure
• Replacement cards issued to potentially affected users
• $23 million in SNAP benefits reported stolen in the first quarter of 2025 alone

The attack specifically targeted Conduent's IVR system, which allows EBT recipients to check card status, review account balances, and monitor transactions via phone. While Conduent referred to the incident as "suspicious activity," Georgia officials classified it as a full cyberattack.

Multi-State Coordination Revealed

Federal investigators have linked the Georgia attack to similar incidents across six other states, suggesting a coordinated effort by cybercriminals. The U.S. Department of Agriculture confirmed that states including Delaware, Indiana, Iowa, Ohio, Oklahoma, and Virginia reported related incidents to federal authorities.

This coordinated approach marks a significant escalation in EBT fraud tactics, moving beyond isolated skimming operations to systematic attacks on state-managed infrastructure.

The Growing EBT Fraud Crisis

The August 2025 attacks represent just the latest escalation in a growing wave of EBT fraud that has cost American taxpayers billions of dollars.

Staggering Financial Impact

According to USDA estimates, the true scale of EBT fraud may reach $12 billion annually—far exceeding the officially reported figures. Key statistics reveal the scope of the problem:

• 2024: States reported approximately $350 million in stolen SNAP benefits
• First Quarter 2025: $136 million stolen, with Georgia leading at $23 million
• 350% increase in fraudulent transactions between Q4 2024 and Q1 2025
• Over 300,000 households have received federal reimbursements totaling $150 million

Evolving Criminal Tactics

Modern EBT fraud has evolved far beyond simple card skimming to include sophisticated digital attacks:

Traditional Methods:

• Card skimming devices at ATMs and point-of-sale terminals
• Card cloning using stolen information
• Physical theft and PIN harvesting

Advanced Cyber Techniques:

• Bot attacks on IVR systems
• Brute force PIN attacks (software can crack 4-digit PINs in seconds)
• Point-of-sale system hacking
• Dark web trafficking of stolen EBT data
• Synthetic identity fraud
• Fraudulent merchant impersonation and terminal networks
• Unauthorized EBT terminal operations

Fraudulent Terminal Networks and Merchant Impersonation

Sophisticated Merchant Spoofing Operations

Recent investigations have uncovered highly sophisticated fraud schemes where criminals impersonate legitimate businesses to steal EBT benefits. Atlanta News First Investigates found fraudulent transactions linked to stores in Pennsylvania that don't accept EBT cards and were closed during the transaction times.

How Merchant Impersonation Works:

• Criminals set up fake merchant accounts using stolen business identities
• They obtain fraudulent EBT processing terminals through compromised systems
• Transactions occur at businesses that are closed or don't accept EBT, with funds disappearing within minutes across multiple states
• Many fraudulent merchants aren't listed in USDA's approved SNAP retailer database

Massive Terminal Fraud Networks

In May 2025, federal authorities uncovered one of the largest EBT terminal fraud schemes in U.S. history. A USDA employee and five others were charged in a multimillion-dollar scheme involving approximately 160 unauthorized EBT terminals processing over $30 million in fraudulent transactions.

The Terminal Fraud Operation:

• USDA insider Arlasa Davis sold hundreds of EBT license numbers, enabling over $36 million in fraudulent SNAP redemptions
• Conspirators submitted approximately 200 fraudulent USDA applications and doctored documents to obtain terminals
• Network supplied unauthorized terminals to stores across the New York area
• Davis received bribes disguised as "birthday gifts" and "flowers"

International Crime Networks

Federal law enforcement agencies have linked EBT fraud to international criminal organizations. The USDA and Secret Service conducted a major operation in Los Angeles in May 2025, making 10 arrests and seizing evidence of organized EBT skimming operations.

"These are truly sick and depraved individuals who are stealing food from low-income Americans for their own profit," said John Walk, USDA's acting deputy under secretary. "It is especially disturbing when international criminal organizations siphon tax dollars away from SNAP beneficiaries to fund their own illicit activities."

Historical Context: Years of Escalating Attacks

Early Warning Signs (2019-2021)

EBT fraud first gained significant attention around 2019, when California's Department of Social Services identified rising theft patterns. However, early responses focused primarily on scam prevention rather than addressing systematic vulnerabilities.

Early indicators:

• Texas reported its first EBT card skimming incident in February 2022
• In 2021, California reported just $90,000 in stolen EBT funds
• Mississippi began seeing significant EBT hacking reports by 2023
• South Carolina experienced rising EBT benefit thefts impacting vulnerable families

By 2022, monthly losses in California had reached nearly $2 million as criminals adopted more sophisticated skimming technologies.

The Pandemic Acceleration (2020-2022)

The COVID-19 pandemic created perfect conditions for EBT fraud to flourish:

• SNAP funding increased from $74 billion in 2020 to over $113 billion in 2022
• Work requirements were suspended, expanding the program
• Administrative oversight was reduced due to staffing shortages
• Security measures did not scale with increased funding

Major System Breaches (2022-2024)

California BenefitsCal Breach (2023-2024)

The most significant EBT-related cyberattack occurred when hackers compromised California's BenefitsCal system, the state's primary welfare portal. Discovered on February 9, 2024, the breach affected over 19,000 accounts, with unauthorized access occurring from March 1, 2023, to February 13, 2024 - nearly a full year of compromised access.

Scope of the California Breach:

• Names, dates of birth, Social Security numbers, phone numbers, EBT and Medi-Cal numbers accessed
• Criminals exploited reused passwords from other breached websites
• All affected users required new passwords, phone numbers, and replacement EBT cards
• Mandatory two-step verification implemented as a security enhancement

Organized Crime Operations

In parallel with individual fraud, law enforcement uncovered massive organized criminal enterprises. Between June 2022 and February 2024, over $181 million was stolen from California EBT beneficiaries alone, with seven individuals charged in connection with the scheme.

The Dark Web Economy (2022-2023)

By 2022, a thriving underground economy had emerged for stolen EBT data. Investigators analyzing Telegram channels found approximately 50,000 posts selling EBT information between 2020 and 2023, including detailed tutorials on the "EBT Method" for stealing benefits.

Common dark web offerings included:

• Complete EBT card information for $20-50
• Tutorials on cloning cards and accessing ATMs
• Real-time balance checking services
• Bulk purchase options for criminal networks

Federal Response and Legislative Action (2022-2024)

Congress responded to the crisis with the Consolidated Appropriations Act of 2022, which:

• Authorized federal reimbursement for stolen benefits between October 1, 2022, and September 30, 2024
• Required states to collect and report theft data
• Mandated development of enhanced security measures

However, federal reimbursement authority expired on December 20, 2024, leaving victims of theft after that date without federal recourse.

Technological Vulnerabilities

Outdated Card Technology

Most EBT cards still rely on magnetic stripe technology from the 1990s, making them vulnerable to skimming. Unlike modern credit and debit cards that use EMV chips, EBT cards lack basic security features that have become industry standard.

Current vulnerabilities:

• Magnetic stripe technology easily cloned
• Simple 4-digit PINs vulnerable to brute force attacks
• All cards in each state start with identical numbers
• Limited real-time fraud monitoring

Infrastructure Weaknesses

The August 2025 attacks exposed critical weaknesses in EBT infrastructure:

• IVR systems lack adequate bot protection
• Third-party contractors may have inconsistent security standards
• Limited coordination between state systems
• Insufficient backup systems during outages

State-by-State Impact Analysis

Top States for Reported SNAP Theft (Q1 2025)

1. Georgia: $23 million
2. California: Significant losses (exact figures vary)
3. Texas: Major ongoing issues
4. Florida: Substantial reported theft
5. New York: Active fraud monitoring

Varying State Responses

States have implemented different approaches to combat EBT fraud:

California:

• Allocated $50 million for chip card upgrades
• Created dedicated EBT fraud investigation unit in 2023
• Estimated losses of nearly $2 million monthly at peak

Oklahoma and California:

• First states to begin transitioning to chip-enabled EBT cards
• Implementation timeline: Summer 2024

Pennsylvania:

• Implemented card locking features through mobile apps
• Enhanced fraud monitoring systems

Maryland:

• Expanded state-funded reimbursement programs
• Covers losses not reimbursed by federal programs

Protecting Vulnerable Populations

Who Gets Hurt Most

EBT fraud disproportionately impacts America's most vulnerable populations:

• Low-income families dependent on monthly benefits
• Elderly recipients on fixed incomes
• Disabled individuals with limited resources
• Families with children who rely on SNAP for basic nutrition

Human Cost Beyond Numbers

For families like Guadalupe Rosales in California, EBT theft means immediate food insecurity. When $1,300 disappeared from her CalWorks card, it represented her entire monthly support for three children while recovering from domestic violence.

The psychological impact extends beyond financial loss, creating stress and anxiety in communities already facing significant challenges.

Response and Mitigation Efforts

Multi-Agency Law Enforcement Response

Operation April Fools (April 2024): The U.S. Secret Service conducted multi-day operations in San Diego and Oakland, targeting transnational organized crime organizations engaged in EBT fraud, resulting in ten arrests.

Georgia Multi-Agency Operation (August 2025): The U.S. Secret Service and local law enforcement conducted a two-day operation visiting 542 businesses and checking 3,408 terminals, recovering 41 skimming devices and preventing an estimated $43.7 million in losses.

National Capitol Region Sweep (January 2025): Law enforcement visited 879 businesses and recovered 27 skimming devices, preventing an estimated $7.2 million in potential losses.

Southern California Operation May Magnitude (2025): Secret Service personnel visited 130 businesses and checked 575 terminals, including ATMs, gas station pumps, and grocery store point-of-sale machines.

Store-Level Fraud Detection and Prevention

Physical Skimming Device Characteristics:

• POS skimming devices are generally designed as overlays to terminals with wireless transmission capabilities, and can be difficult to detect because criminals design plastic overlay shells that look identical to the original terminal
• Devices capture victims' card data and PIN entries through pinhole cameras, with skimming devices on gas pumps usually installed in the internal wiring and not visible to victims
• Each skimmer found and removed prevents around $300,000 in fraud loss

Recent Skimming Device Discoveries:

• Virginia: Skimming devices found at 7-Eleven stores in Manassas and Dumfries in June-July 2025
• Alabama: Secret Service operation in Birmingham area visited 151 businesses and recovered 3 skimming devices from over 1,400 terminals inspected
• Washington State: Operation visited 37 businesses and removed 4 skimming devices, preventing $1.2 million in estimated losses

State Security Measures

Immediate Actions States Are Taking:

• Mandatory PIN changes for all cardholders
• Implementation of card locking apps (ConnectEBT)
• Enhanced transaction monitoring
• Public awareness campaigns

Long-term Security Improvements:

• Transition to chip-enabled cards
• Real-time fraud detection systems
• Biometric authentication pilots
• Mobile payment integration

Technology Solutions

Current Security Features:

• ConnectEBT app for card locking/unlocking
• Real-time balance monitoring
• Transaction alerts
• Geographic spending restrictions

Future Innovations:

• EMV chip technology implementation
• Contactless payment options
• Biometric authentication
• AI-powered fraud detection
• Blockchain-based benefit distribution

Industry and Retailer Responsibility

Point-of-Sale Security

Retailers accepting EBT payments bear responsibility for protecting customers:

• Daily inspection of card readers for tampering
• Surveillance of payment areas
• Staff training on fraud detection
• Prompt reporting of suspicious devices

Technology Upgrade Requirements

The transition to chip-enabled cards requires extensive retailer preparation:

• Hardware upgrades for all payment terminals
• Staff training on new procedures
• Compliance with updated security standards
• Integration with existing systems

Legislative and Policy Challenges

Funding Gaps

The expiration of federal reimbursement authority in December 2024 created a critical gap in victim support. While some states have implemented their own reimbursement programs, coverage remains inconsistent across the country.

Regulatory Coordination

EBT fraud crosses state lines, requiring enhanced federal coordination:

• Standardized security requirements across states
• Improved information sharing protocols
• Unified response to multi-state attacks
• Consistent contractor oversight

Privacy and Access Concerns

Security improvements must balance fraud prevention with program accessibility:

• Ensuring benefits remain easily accessible to legitimate users
• Protecting privacy of vulnerable populations
• Maintaining service for elderly and disabled recipients
• Addressing technology barriers in underserved communities

Looking Forward: The Path to Secure Benefits

Short-term Priorities (2025-2026)

1. Immediate Security Hardening
   • Mandatory chip card implementation
   • Enhanced IVR system protection
   • Standardized contractor security requirements
2. Victim Support
   • Restoration of federal reimbursement authority
   • Streamlined replacement procedures
   • Enhanced customer support systems
3. Law Enforcement Coordination
   • Expanded multi-agency task forces
   • International cooperation on organized crime
   • Real-time intelligence sharing

Long-term Vision (2026-2030)

1. Technology Modernization
   • Complete transition from magnetic stripe cards
   • Integration with digital payment platforms
   • AI-powered fraud prevention systems
2. System Resilience
   • Redundant infrastructure to prevent service disruptions
   • Rapid response protocols for cyber incidents
   • Continuous security monitoring and updates
3. Holistic Approach

• Coordination with other benefit programs
• Integration with broader cybersecurity initiatives
• International cooperation on financial crimes

Conclusion: A Critical Moment for Food Security

The August 2025 multi-state EBT cyberattacks represent a watershed moment in the fight against benefit fraud. While the immediate crisis has been contained, the underlying vulnerabilities that enabled these attacks remain largely unaddressed.

The stakes could not be higher. For the 41.7 million Americans who depend on SNAP benefits, these attacks threaten basic food security. For taxpayers, the estimated $12 billion in annual fraud represents a massive drain on public resources intended to help society's most vulnerable members.

The path forward requires sustained commitment from federal and state governments, technology providers, retailers, and law enforcement agencies. Only through coordinated action can we build an EBT system that is both secure from criminal exploitation and accessible to those who need it most.

As cybercriminals continue to evolve their tactics, our response must be equally adaptive and forward-thinking. The August 2025 attacks have shown us the cost of complacency—now we must demonstrate the will to act decisively to protect America's food assistance infrastructure.

The question is not whether we can afford to implement comprehensive security improvements, but whether we can afford not to. For millions of American families, the answer is clear: their next meal may depend on getting this right.