Rhode Island's social services and health data breach exposes personal details of hundreds of thousands. Cybercriminals threaten to release the stolen data!

Continue reading
On December 13, 2024, the state of Rhode Island was struck by a significant cybersecurity breach affecting its social services and health insurance systems. The breach compromised the personal data of potentially hundreds of thousands of residents who used the state's online portal, RIBridges, to apply for various assistance programs. This attack, attributed to an international cybercriminal group, has raised concerns about the safety of government systems handling sensitive personal information.
In this article, we will provide a detailed examination of the breach, its impact, and the ongoing efforts to mitigate the damage, offering insights into the breach's technical aspects, response measures, and the security lessons it underscores.
Rhode Island’s RIBridges system, which facilitates access to various public assistance programs, was recently subjected to a cyberattack by an international hacker group. The breach led to the compromise of personal data, including Social Security numbers, banking information, and other sensitive details, putting the state’s residents at significant risk. This attack is a stark reminder of the vulnerabilities present in government-run digital platforms and the escalating threats posed by cybercriminals.
The breach was first discovered on December 5, 2024, when Deloitte, the vendor operating the RIBridges system, alerted the state of a potential security threat. However, it wasn’t until December 13, 2024, that the breach was confirmed, with Deloitte identifying malicious code within the system and the likelihood that personally identifiable information (PII) had been stolen.
On December 13, 2024, Governor Dan McKee confirmed that the cyberattack, conducted by an international cybercriminal group, had compromised the RIBridges portal. The hackers gained unauthorized access to sensitive data, including Social Security numbers, banking information, and other personally identifiable information (PII) stored within the system.
RIBridges is a crucial system used by Rhode Island residents to apply for and manage a variety of government assistance programs, including Medicaid, food stamps, and child care support. The breach raised alarm bells as it impacted potentially hundreds of thousands of individuals who had applied for or received these benefits since 2016.
The cyberattack was part of a growing trend where cybercriminal groups target governmental systems to steal sensitive data and demand a ransom. The attackers reportedly threatened to release the stolen data unless they received a payment.
The following programs, which are managed through the RIBridges system, were directly impacted by the breach:
Anyone who has interacted with these services since 2016 could be at risk of having their personal information exposed.
The breach involved malicious code that allowed unauthorized access to sensitive files, which were likely downloaded by the attackers. The data compromised in the breach includes:
At this stage, the exact scope of the breach is still being assessed, but the compromised data is of high concern due to the presence of financial information and identifiable personal details.
The breach was first detected by Deloitte, the vendor operating the RIBridges system, on December 5, 2024. Initial reports indicated a potential threat, but it was unclear whether any sensitive information had been exposed.
The breach has potentially affected hundreds of thousands of residents who have applied for or received benefits through the RIBridges system. While the investigation is ongoing, the following individuals are most likely impacted:
The stolen data may include highly sensitive personal information, including Social Security numbers and banking information, which can lead to identity theft and financial fraud if misused.
The state of Rhode Island, along with its vendor Deloitte, has taken swift action to address the breach. The RIBridges system has been taken offline to prevent further unauthorized access. The following measures are being implemented:
Residents whose data has been compromised should take the following preventive measures:

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.