Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents’ personal information after the Brain Cipher ransomware gang hacked its systems.
RIBridges is a modern integrated eligibility system (IES) used in Rhode Island to manage and deliver public assistance programs, helping streamline the administration of various social services.
The incident was discovered on December 5, 2024, and following an evaluation by Deloitte, it is considered very likely that hackers stole files containing personally identifiable information and other data.
“On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system,” reads the announcement published by the Rhode Island authorities on Saturday.
“In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible.”
“Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges.”
Following Deloitte’s discovery of “malicious code” in the system, RIBridges was taken offline, so citizens cannot currently access their accounts from the web portal or the mobile app.
This incident impacts applicants and beneficiaries of the following programs:
- Medicaid
- Supplemental Nutrition Assistance Program (SNAP)
- Temporary Assistance for Needy Families (TANF)
- Child Care Assistance Program (CCAP)
- Health coverage purchased through HealthSource RI
- Rhode Island Works (RIW)
- Long-Term Services and Supports (LTSS)
- General Public Assistance (GPA) Program
- At HOME Cost Share
Although the data that has been exposed remains under evaluation, Deloitte says it may include names, addresses, dates of birth and Social Security numbers, and certain banking information.
Impacted households will receive a letter via mail, and affected residents can call the dedicated call center that started operation yesterday to support them.
General recommendations given by Rhode Island authorities include resetting passwords, placing a fraud alert and credit freeze on their banking accounts, and activating security measures provided by their banks.
Those who need to apply for any of the above programs may still do so via paper, following the instructions provided here.
Deloitte…
Click Here to Read the Full Original Article at BleepingComputer…