Skip to main content
close search
site logo

Hack of Rhode Island social services platform impacted at least 709K, officials say

State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and efforts are underway to restore access.

Published Jan. 10, 2025
David Jones's headshot
Reporter
Rhode Island Chief Digital Officer Brian Tardiff and Gov. Dan McKee speak at a Dec. 30 press briefing on the cyberattack against the RIBridges social services database. The officials held a Jan. 10 briefing to notify thousands of recipients that breach notification letters were being mailed out.
Rhode Island Chief Digital Officer Brian Tardiff and Gov. Dan McKee speak at a Dec. 30 press briefing on the cyberattack against the RIBridges social services database. The officials held a Jan. 10 briefing to notify thousands of recipients that breach notification letters were being mailed out. Courtesy of Rhode Island

Rhode Island began mailing notification letters Friday to alert individuals impacted by the December ransomware attack against the state social services agency, Gov. Dan McKee said during a Friday press conference. 

Officials estimate the information of 657,000 people was accessed in the attack, but the state sent letters to 709,000 individuals, as some people in the database are cared for by relatives or other people. Victims will get five years of free credit monitoring and additional identity protection services.

A threat group called Brain Cipher claimed credit for the attack against the RIBridges database, which includes a range of social services for hundreds of thousands of people in the state. The benefits range from food assistance to health coverage and cash benefits, among other programs. 

Hackers began releasing information on a leak site in late December, and officials have been analyzing the data to confirm what type of information was leaked. The hacked data potentially includes names, addresses, Social Security numbers, dates of birth, phone numbers, health information and banking information, the letter said.

The notification letters are expected to take a few days to get out to affected people. Deloitte is still reviewing information that was impacted by the hack and provided a summary report, however McKee warned it is likely more victims of the hack will be identified. If additional people are identified, they will also get copies of the letter. 

Deloitte is responsible for covering the costs stemming from the investigation and remediation of the site.

Officials said they are confident the security threat has been remediated, based on the third-party forensics report. 

“The findings in these reports provide a high level of confidence that we know how the breach was executed, and that we have taken the appropriate measures to ensure the system can be restored safely,” Brian Tardiff, chief digital officer for Rhode Island, said at the press conference.

A two-phase restoration plan is underway, and they are working on phase two, which is the public facing section of the database, Tardiff said. They are targeting a mid-January resumption of the database. 

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Excelsior Orthopaedics Data Breach Investigation
From Migliaccio and Rathod LLP
January 08, 2025
American Trust Retirement Data Breach Investigation
From Migliaccio and Rathod LLP
January 07, 2025
Medusind Data Breach Investigation
From Migliaccio and Rathod LLP
January 08, 2025
Editors' picks
Latest in Breaches
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.