Rhode Island confirms data breach after Brain Cipher ransomware attack

Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.

RIBridges is a modern integrated eligibility system (IES) used in Rhode Island to manage and deliver public assistance programs, helping streamline the administration of various social services.

The incident was discovered on December 5, 2024, and following an evaluation by Deloitte, it is considered very likely that hackers stole files containing personally identifiable information and other data.

"On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system," reads the announcement published by the Rhode Island authorities on Saturday.

"In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible."

"Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges."

Following Deloitte's discovery of "malicious code" in the system, RIBridges was taken offline, so citizens cannot currently access their accounts from the web portal or the mobile app.

This incident impacts applicants and beneficiaries of the following programs:

• Medicaid
• Supplemental Nutrition Assistance Program (SNAP)
• Temporary Assistance for Needy Families (TANF)
• Child Care Assistance Program (CCAP)
• Health coverage purchased through HealthSource RI
• Rhode Island Works (RIW)
• Long-Term Services and Supports (LTSS)
• General Public Assistance (GPA) Program
• At HOME Cost Share

Although the data that has been exposed remains under evaluation, Deloitte says it may include names, addresses, dates of birth and Social Security numbers, and certain banking information.

Impacted households will receive a letter via mail, and affected residents can call the dedicated call center that started operation yesterday to support them.

General recommendations given by Rhode Island authorities include resetting passwords, placing a fraud alert and credit freeze on their banking accounts, and activating security measures provided by their banks.

Those who need to apply for any of the above programs may still do so via paper, following the instructions provided here.

Deloitte confirms ransomware attack

This data breach warning comes after the ransomware group 'Brain Cipher' claimed earlier this month to have attacked Deloitte and stolen data from the company.

A spokesperson rejected these allegations via a statement to BleepingComputer at the time, saying that the presented data is from a single client's system outside their corporate network.

BleepingComputer has contacted Deloitte again to ask about the details of this latest incident, and a spokesperson confirmed that it's the Brain Cipher ransomware attack.

"The State of Rhode system known as RIBridges is the "single client system" impacted by the Brain Cipher data breach," confirmed a Deloitte spokesperson.

Additionally, the auditing services giant has provided BleepingComputer with the following statement:

"Upon learning that a state system supported by Deloitte had been attacked by an international cybercriminal group, we launched an investigation in collaboration with our client and law enforcement officials," a Deloitte spokesperson told BleepingComputer.

"While that investigation is ongoing, we have shown over the past decade our unwavering commitment to the State of Rhode Island and the people they serve. We will continue to work around the clock to resolve this matter."