Gov. Brian Kemp’s cash giveaway to Georgia’s most economically vulnerable residents has been fraught with complications, and now some recipients are reporting their money as stolen.

Separately, two subject-matter experts tell The Atlanta Journal-Constitution and Axios that administration of these payments have violated federal data privacy regulations, something the state denies.

It’s unknown just how many recipients have been negatively affected by the rollout, but the state’s Department of Human Services says the “overwhelming majority” of people have spent the funds without any issues. But the state did not provide information on how much money has potentially been stolen.

Kemp, whose name is prominently featured on the cash cards, said in an interview that while there may have been “a bump or two,” overall he’s happy with the program, especially since much of it has been electronic.

“For that population, for us to be able to communicate with them [digitally] and do benefits and other things in the future, it’s going to make state government and their lives a lot more efficient,” he said.

The Department of Human Services, which administered the payments through a third-party vendor, reports that $1 billion has been sent to about 3 million Georgians since Sept. 20th. Just under half of that money has been successfully spent.

In August, Kemp announced that he would dole out $350 cash payments totaling more than $1 billion to people who are enrolled in some of the state’s major benefits programs, such as Medicaid, TANF and SNAP, in the form of pre-paid cards. He is using federal aid leftover from the American Rescue Plan that Democrats in Congress approved in March 2021.

Democrats have accused the governor of using the funds to curry favor with voters before the Nov. 8 election. Kemp says he’s abiding by Georgia law, which gives him unilateral control over how the federal money is spent.

Scammers

Amid broad advertisement and media coverage of the payments, DHS says scammers sent emails impersonating the state and prompting recipients to put in their personal information, enabling them to steal the funds.

DHS’ Facebook page has been inundated with complaints, largely about how the cards are not working, haven’t been received, or that money has been stolen from them.

Deiondra Ramsay, 32, from Calhoun, said she received two cards for her kids and one for herself, totaling $1,050 dollars. She initially spent about $650 on various bills and clothes for her kids in late September. When she logged on to her account in early October, the rest of the money had been stolen. The remaining funds were spent on items on Craigslist and expensive activewear.

Not only was her money stolen, but Ramsay said she hasn’t gotten another card and her state benefits account is still locked after several weeks. She was planning on using the rest of the money on Christmas presents for her kids.

“I haven’t heard anything,” she said. “It’s just been a big mess.”

DHS has warned recipients about social media accounts impersonating state staff.

“We are collecting data through our card-specific call center, which we’re directing people to report fraud to and working with law enforcement as warranted to confirm instances of fraud tied to various phishing and related schemes to steal or misuse someone’s information,” said Kylie Winton, a spokesperson for DHS.

But Ramsay said that she never clicked on a phishing email. She shared screenshots of the emails she clicked on with the AJC and Axios, and the state confirmed that the email was legitimate and from DHS. She’s now worried that her family’s private information may have been compromised.

DHS says that it is also possible that people previously affected by an organization’s data release are just now being exploited by bad actors. In the cases where fraud is confirmed, recipients will be reimbursed the full amount that was stolen, DHS adds.

DHS says that they have found social media accounts impersonating DHS staff that ask recipients to email or direct-message them, then ask for personally identifiable information like Social Security numbers. The state has reported “numerous” fake accounts and pages, Winton said, some of which have yet to have been removed. In some cases to mitigate fraud, vendors may limit access to an account or card “out of an abundance of caution.”

Christy Teel, a 36-year-old mother of four from Carrollton, said she’s spent most of one of her children’s cards successfully, but had funds stolen from three others–including through in-person transactions at a Massachusetts Apple store. Teel insists she didn’t click on any phishing scams.

“That’s the thing that gets me. They think everybody’s clicking on something, and that’s not the case whatsoever,” she said in an interview.

Privacy regulations

The payments were given through benefits programs like Medicaid, SNAP and TANF, which are federal programs the state administers.

Beneficiaries’ names, addresses and dates of birth were shared with a third-party vendor to manage the rollout of the payments. According to federal regulations, state Medicaid agencies must restrict usage or disclosure of this federal enrollment data for “purposes directly connected with the administration of the plan,” a spokesperson for the Centers for Medicare & Medicaid Services confirmed.

David Super, a lawyer and legal scholar at Georgetown University who has specialized in Medicaid law also said the program “clearly violates the privacy protections in the Medicaid law.”

Josh Norris, a Decatur attorney specializing in Medicaid law, agrees.

Because the payments are not related to eligibility or benefits under Georgia’s Medicaid program, the federal Medicaid regulations “require the state to get permission from every individual Medicaid beneficiary before state officials can share information about them with third parties.”

“While providing cash benefits to people in need may be a laudable goal, you’ve still got to follow the law and respect people’s privacy,” Norris said. “You don’t get to just say to people: ‘Well since you’re not well-off and we want to help you out, we get to violate your confidentiality.’ It’s not how this works. It violates basic human decency.”

DHS said that before the contract was executed, both DHS and the Department of Community Health independently reviewed the issue for legality and determined that the state may use and disclose data without written permission from Medicaid members.

The state maintains the payments were an authorized use of data because the federal COVID relief law encouraged support for low income Americans.

“Specifically authorized by Congress and federal regulations, direct cash assistance is a desperately needed service for our state’s most vulnerable citizens, who are grappling with forty-year-high inflation and struggling to make ends meet due to the negative economic impacts of COVID-19,” DHS Commissioner Candice Broce said in a statement. “After a thorough review of applicable law and rules, the State of Georgia developed this innovative program with safeguards in place to deliver immediate financial relief to families facing high gas prices, grocery bills, healthcare expenses, and utility bills.”

Broce also said that with the rising costs of living, Georgians are using these funds to cover necessities like hearing aids, dental care, eye doctor visits, and similar healthcare expenses.

In 2017, the state Division of Family and Children’s Services was found to have violated these regulations by sharing beneficiaries’ data with a nonprofit for a holiday gift program.

Kemp said he wasn’t aware of specific data regulations, but added that if the federal government wants “to come after us for trying to help people deal with their 40-year-high inflation, bring it on.”

DHS says that recipients who believe they have been a victim of identity theft or had money stolen should file a police report and call the state at 1-833-907-0683.

The Atlanta Journal-Constitution and Axios, an online news outlet, are now jointly owned by Cox Enterprises, and collaborated on this story.