Thousands of Rhode Island citizens have data stolen after social services hit
by cyberattack

Date:
Mon, 16 Dec 2024 13:01:00 +0000

Description:
RIBridges benefits system hit by a cyberattack that likely compromised the 
PII of thousands of Rhode Island citizens.

FULL STORY

A cyberattack which hit the RIBridges system may have compromised the data of
thousands of Rhode Island citizens who have applied for, or are on, a range 
of health coverage, human services, or benefit programs. 

Rhode Island Governor Dan McKee confirmed the breach, noting in a statement
posted on the Governors official site in response to the major security
threat, the RIBridges system has been taken down, with all those seeking to
apply for benefits needing to do so on paper. 

The attack likely occurred on December 5, according to the statement, with 
the system subsequently being taken down on December 13, with the 
confirmation statement being issued on December 14.

Benefits services hit, personal data stolen

The states vendor, Deloitte, informed the Rhode Island governor there was a
high probability that the attacker had successfully exfiltrated the 
personally identifiable information (PII) of thousands of people belonging to
a number of benefits programs, including:

Medicaid Supplemental Nutrition Assistance Program (SNAP)
Temporary Assistance for Needy Families (TANF)
Child Care Assistance Program (CCAP)
Health coverage purchased through HealthSource RI Rhode Island Works (RIW)
Long-Term Services and Supports (LTSS)
General Public Assistance (GPA) Program

At the time of the attack, Deloitte notified federal authorities about a
potential cyberattack against the RIBridges system. On December 10, Deloitte
received a screenshot of internal RIBridges files from the attacker,
confirming that the breach had likely resulted in the theft of PII. Deloitte
further confirmed the presence of malicious code within the RIBridges system,
resulting in the shutdown of the service. 

The PII may include names, addresses, dates of birth and Social Security
numbers, Deloitte stated, with potential compromise of certain banking
information, but nothing has been confirmed as of yet. No one has come 
forward to claim responsibility for the attack, and no PII from the attack 
has been spotted online yet.

The governors statement recommended that RIBridges customers remain vigilant
and be on the lookout for potential fraud and suspicious banking 
transactions, change passwords in line with cyber hygiene standards, and 
those affected should contact their bank for further recommendations on
account security. 

A multilingual customer hotline has been set up in a collaborative effort
between Deloitte and Experian, with affected citizens being contacted to
provide free credit monitoring services.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/thousands-of-rhode-island-citizens-have
-data-stolen-after-social-services-hit-by-cyberattack

$$
--- SBBSecho 3.20-Linux