A high-profile ransomware gang called the Brain Cipher has been notoriously targeting Rhode Island's "RIBridges" social services platform.
RI Bridges has fallen prey to the infamous hacker group's data leak. The group has been leaking stolen documents on the social services platform.
RI Bridges is an integrated eligibility system (IES) used by Rhode Island officials to manage social services programs. This includes Medicaid, SNAP (Supplemental Nutrition Assistance Program), and Temporary Assistance for Needy Families (TANF).
It also handles programs like the Child Care Assistance Program (CCAP), HealthSource RI health coverage, and more.
The data leaked involves sensitive information of individuals on the system, including names, addresses, dates of birth, social security numbers and some banking information.
RIBridge’s Data Compromised
Rhode Island was alerted to the incident on December 5, 2024, by its vendor, Deloitte.
Bleeping Computer reported that the hackers gained access to Rhode Island’s social services platform on December 10, 2024.
“Unfortunately, Deloitte has informed us that the cybercriminal released at least some RIBridges files to a site on the dark web,” stated Dan McKee, Governor of Rhode Island in an official statement.
In response to the cyber attack, Rhode Island launched a statewide outreach strategy to encourage potentially impacted civilians in the state to protect their personal information.
The island’s IT teams are currently analysing the released files.
“This is a complex process and we do not yet know the scope of the data that is included in those files,” expressed Governor Mckee, “but as we’ve been saying for several weeks, we should assume that data contained in the RIBridges system has been compromised.”
Also Read: Employee Data Exposed Following Dell Cyber Attack
Deloitte Denies Data Compromise
Deloitte, one of the Big Four accounting firms has denied compromise of any data. Brain Cipher, however, alleges breaching Deloitte UK's systems and stealing 1 terabyte (TB) of compressed data.
The government statement noted that on December 10, the State received confirmation from Deloitte of a breach of the RIBridges system based on a screenshot of file folders sent by the hacker to Deloitte.
"On December 13, Deloitte confirmed there was malicious code present in the system, and the State directed Deloitte to shut RIBridges down to remediate the threat." the statement added.
The State is working with Deloitte to investigate the Brain Cipher hacking of RIBridges.
Rhode Island instructed civilians to follow five steps to protect their financial information including:
- Freeze Your Credit: Reach out to all three credit reporting agencies to freeze your credit. This is free and means no one else can take out a loan or establish credit in your name. You won’t lose access to your money or credit cards. You can lift the freeze at any time.
- NEW: If minors have received benefits or services from these programs, their guardians should also take steps to freeze and monitor the children’s credit.
- Monitor Your Credit: Contact one of the three credit reporting agencies to order a free credit report. You can also access a free credit report through AnnualCreditReport.com.
- Request a Fraud Alert: Ask one of the credit reporting agencies to place a fraud alert on your files. This is free and lets creditors know to contact you before any new accounts can be opened in your name. Asking one agency to do this will cover this step for all three agencies.
- Use Multi-factor Authentication: This means instead of having just one password to access your information, you have a safety backup to help prove that it’s really you before you can log into your account.
- Be Aware: Because of the breach, you may receive fake emails, phone calls or texts that look legitimate. Remember, never share personal information – such as your social security number, date of birth or password – through an unsolicited e-mail, call or text.
