RIBridges Data Breach Affects 650,000 Individuals

RIBridges, Rhode Island’s unified technology platform for administering public benefits, experienced a significant data breach impacting approximately 650,000 individuals. The incident, which was disclosed to the Rhode Island Attorney General’s office on Jan. 14, 2025, is among the largest breaches in the state’s history.

The breach occurred when the Brain Cipher threat group exploited credentials belonging to a Deloitte employee, gaining unauthorized access to the RIBridges system in July 2024. This advanced cyberattack went undetected for several months and was only discovered after the hackers posted stolen data on a leak site in December 2024. As a result, sensitive information was exposed, including names, Social Security numbers, account numbers, addresses, banking and financial information, dates of birth, driver’s license numbers, email addresses, phone numbers, as well as health and medical information.

Both personally identifiable information (PII) such as names, Social Security numbers, driver’s license numbers and contact details, and protected health information (PHI) including medical and health records, were compromised. Notably, some affected individuals had never directly used RIBridges but were included in the breach due to federal verification processes. The full scope of the breach, including the types of information exposed, is detailed in the Attorney General’s disclosure.

RIBridges’s response

In response to the breach, the state took the RIBridges system offline for about a month to contain the incident and assess the damage. Deloitte, which operates RIBridges under contract, worked with cybersecurity firm CrowdStrike to investigate the breach, strengthen security protocols and implement additional safeguards. The system has since undergone a phased relaunch with improved protections.

A $6.3 million settlement was reached to resolve a class action lawsuit brought by those affected. Impacted individuals are encouraged to monitor their financial accounts and credit reports closely, as the breach involved both financial and health information. Those who believe their data may have been compromised should consider placing fraud alerts or credit freezes with major credit bureaus and remain vigilant for suspicious activity.