Deloitte paid $5 million to the state of Rhode Island for expenses related to the December breach of the RIBridges social services system, according to Gov. Dan McKee’s office. 

Deloitte, which manages the RIBridges program, is separately paying for the costs of a call center, credit monitoring and identity protection services for customers affected by the breach. 

“Deloitte has recognized that the state has immediate and unexpected expenses related to the breach and we appreciate their willingness to lend financial support,” McKee said in a statement Tuesday.

A threat group called Brain Cipher in December claimed credit for the attack against the RIBridges program, which affected more than 709,000 people. The RIBridges program provides food assistance, health insurance, cash benefits and other services to Rhode Island residents in need of help.

State officials in December warned residents to be on watch for potential fraud, as the hackers threatened to release data. A portion of alleged data was leaked in late December.

BrainCipher uses the LockBit builder for their ransomware payloads, and had been active since June 2024, SentinelOne researchers previously told Cybersecurity Dive. 

Officials sent out breach notices to people directly impacted by the attack, as well as caregivers of people impacted by the attack. The stolen data included a combination of names, addresses, Social Security numbers, dates of birth, phone numbers, health information and banking information. 

State officials in late January began a phased relaunch of the customer portal after RIBridges was taken offline in December, followed by extensive testing and remediation to determine whether the system was safe to use.

A third-party forensics report provided to state officials in January gave officials enough confidence in the security of the portal to begin a phased relaunch of online services.