Information for children and parents was accessed by hackers over the summer, the Georgia Department of Human Services (DHS) said on Friday.
The security breach took place over the spring. Georgia DHS officials said that between May 3, 2020, and May 15, 2020, hackers managed to gain access to several employee email accounts.
Over the summer, officials said they learned that the intruders "had been able to retain" emails from the hacked accounts.
The emails contained personal and health information of children and adults involved in Child Protective Services (CPS) cases of the DHS Division of Family & Children Services (DFCS).
"The information that was compromised as part of the breach varies by person," Georgia DHS officials said on Friday.
"Individuals affected may have had the following types of information disclosed: full name of children and household members, relationship to the child receiving services, county of residence, DFCS case number, DFCS identification numbers, date of birth, age, number of times contacted by DFCS, an identifier of whether face-to-face contact was medically appropriate, phone numbers, email addresses, social security number, Medicaid identification number, Medicaid medical insurance identification number, medical provider name and appointment dates."
Further, for 12 individuals, psychological reports, counseling notes, medical diagnoses, and substance abuse information was also included.
Bank account information was not included, except for one individual, Georgia DHS official said.
The agency is currently in the process of notifying all affected individuals.
A phone number (1-888-304-102) was also provided for individuals to call and check if their info was exposed.
10 worst hacks and data breaches of 2019 (in pictures)