The California legislature, in recognizing the vulnerability of state information systems to exploitation by malicious actors, recently passed legislation allowing state benefits to be reimbursed to affected persons if benefits are stolen through a data breach.
Currently, California law provides only that beneficiaries are not responsible for any loss of cash benefits resulting from an unauthorized withdrawal by means other than the use of the physical electronic benefit transfer (EBT) card. The new bill, AB 2313, bolsters these protections and requires prompt reimbursement of the benefits if they are taken by an unauthorized third party representing themselves to be a state-approved vendor, retailer, or government official. Moreover, in cases where the California Department of Social Services finds that the cash benefits for multiple recipients were acquired by means of a data breach that exposed recipients’ EBT card numbers or personal identification numbers, the Department of Social Services may issue a mass reimbursement. Any such reimbursements must be approved by the California Department of Finance.
The bill has been passed by the California legislature and has been submitted to the governor for signature.