HQ/EMEAFind out how we can help your business
The state of Rhode Island has confirmed a significant data breach affecting its RIBridges system following a cyberattack by the Brain Cipher ransomware group.
Managed by Deloitte, RIBridges is a centralised eligibility platform that supports the delivery of public assistance programmes across the state. The breach has compromised personal data belonging to residents who rely on these services.
The security incident was first identified on 5 December 2024. Deloitte later informed Rhode Island authorities on 13 December of the severity of the threat, confirming the likelihood of unauthorised access to files containing sensitive personal information. As a precaution, the state temporarily took the RIBridges system offline to address the issue and prevent further exposure. Deloitte’s investigation uncovered malicious code within the system, further supporting the high probability of data theft.
The breach impacts individuals using key public programmes, including Medicaid, the Supplemental Nutrition Assistance Programme (SNAP), Temporary Assistance for Needy Families (TANF), and Rhode Island Works, among others. Services related to health coverage and long-term care are also affected.
According to initial findings, names, addresses, birth dates, Social Security numbers, and possibly some financial information may be among the stolen data. While the full extent of the data exposure is still under review, affected residents are being contacted directly via postal letters. The state has also established a dedicated call centre to assist those impacted.
Authorities are advising residents to take immediate precautions to safeguard their information. Recommended steps include resetting online account passwords, placing fraud alerts or credit freezes on banking accounts, and activating additional security features provided by financial institutions. For those requiring immediate access to public assistance, alternative paper-based application processes have been put in place.
Deloitte has confirmed the ransomware attack on the RIBridges system, following earlier claims by the Brain Cipher group that they had targeted the global auditing giant.
Initially, Deloitte refuted the allegations, stating that the breach involved a single client’s system rather than their corporate network. Subsequent investigations have now identified RIBridges as the compromised system.
In response, Deloitte is collaborating with Rhode Island authorities and law enforcement to address the breach. The company has reiterated its commitment to resolving the issue and supporting the affected state and its residents. While the investigation remains ongoing, efforts to restore the system and strengthen its defences are underway.
