Rhode Island confirms data breach after Brain Cipher ransomware attack

Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
RIBridges is a modern integrated eligibility system (IES) used in Rhode Island to manage and deliver public assistance programs, helping streamline the administration of various social services.
The incident was discovered on December 5, 2024, and following an evaluation by Deloitte, it is considered very likely that hackers stole files containing personally identifiable information and other data.
"On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system," reads the announcement published by the Rhode Island authorities on Saturday.
"In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible."
"Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges."
Following Deloitte's discovery of "malicious code" in the system, RIBridges was taken offline, so citizens cannot currently access their accounts from the web portal or the mobile app.
This incident impacts applicants and beneficiaries of the following programs:
- Medicaid
- Supplemental Nutrition Assistance Program (SNAP)
- Temporary Assistance for Needy Families (TANF)
- Child Care Assistance Program (CCAP)
- Health coverage purchased through HealthSource RI
- Rhode Island Works (RIW)
- Long-Term Services and Supports (LTSS)
- General Public Assistance (GPA) Program
- At HOME Cost Share
Although the exposed data remains under evaluation, Deloitte says it may include names, addresses, dates of birth, Social Security numbers, and certain banking information.
Impacted households will receive a letter via mail, and affected residents can call the dedicated call center that started operation yesterday to support them.
General recommendations given by Rhode Island authorities include resetting passwords, placing a fraud alert and credit freeze on their banking accounts, and activating security measures provided by their banks.
Those who need to apply for any of the above programs may still do so via paper, following the instructions provided here.
Deloitte confirms ransomware attack
This data breach warning comes after the ransomware group 'Brain Cipher' claimed earlier this month to have attacked Deloitte and stolen data from the company.
A spokesperson rejected these allegations via a statement to BleepingComputer at the time, saying that the presented data is from a single client's system outside their corporate network.
BleepingComputer has contacted Deloitte again to ask about the details of this latest incident, and a spokesperson confirmed that it is the Brain Cipher ransomware attack.
"The State of Rhode system known as RIBridges is the 'single client system' impacted by the Brain Cipher data breach," confirmed a Deloitte spokesperson.
Additionally, the auditing services giant has provided BleepingComputer with the following statement:
"Upon learning that a state system supported by Deloitte had been attacked by an international cybercriminal group, we launched an investigation in collaboration with our client and law enforcement officials," a Deloitte spokesperson told BleepingComputer.
"While that investigation is ongoing, we have shown over the past decade our unwavering commitment to the State of Rhode Island and the people they serve. We will continue to work around the clock to resolve this matter."