RIBridges $6.3M Data Breach Class Action Settlement
RIBridges $6.3M Data Breach Class Action Settlement

Individuals residing in the United States who received a notice from the State of Rhode Island indicating a data breach may have impacted their private information could be eligible to submit a claim for up to $5,000 and medical monitoring from a class action settlement. The cybersecurity incident affected 735, 501 individuals.

Deloitte Consulting LLP agreed to pay $6.3 million to settle a class action lawsuit related to a data breach involving the Rhode Island RIBridges system. The class action claimed that, on or about Dec. 5, 2024, cybercriminals unlawfully accessed personal information stored on the RIBridges system, including names, addresses, Social Security numbers, banking details and health information.

Who is eligible for a RIBridges data breach payout?

Class members must meet the following criteria:

  • They are a living individual residing in the United States.
  • They received a notice from the State of Rhode Island stating the Deloitte data breach may have impacted their private information.

How much will the settlement payment be?

Class members have the following benefit options:

  • Cash payment A – Documented losses: Class members can submit a claim for up to $5,000 in documented out-of-pocket losses traceable to the data breach. Documentation may include receipts, email correspondence, invoices for credit monitoring and identity protection and other third-party documents showing fraud or identity theft.
  • Cash payment B – Alternate cash: Class members who do not submit a documented losses claim can submit a claim for an estimated $100 cash payment. The settlement administrator will determine the final payment amount by the number of valid claims.
  • Medical data monitoring: All class members may elect to receive two years of CyEx’s medical data monitoring, which includes real-time one-bureau credit file monitoring, dark web scanning, security freezing assistance, victim assistance, up to $1,000,000 in identity theft insurance with no deductible and access to fraud resolution agents.

How to claim a data breach class action rebate

Individuals must submit a claim form to receive a settlement payment. They can file a claim online or download and print the PDF claim form to mail to the settlement administrator.

Class members must submit a claim form online or postmark it by Jan. 14, 2026.

Settlement administrator's mailing address: Pannozzi v. Deloitte Consulting LLP, c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324

Required proof and claim information

  • To submit a claim online or by mail, claimants must provide the class member ID from their official settlement noticel.
  • To submit a documented losses claim, claimants must provide supporting documentation, which may include receipts, bills or other third-party records showing expenses or losses related to the data breach.

Payout options

Class members can choose from the following payment options:

  • Electronic payment (only available for online claims)
  • Paper check mailed to the address provided

$6.3 million data RIBridges settlement fund

The $6,300,000 settlement fund includes:

  • Settlement administration costs: Estimated at $500,000
  • Attorneys' fees: Up to $2,100,000
  • Attorneys' costs: To be presented to the court for approval at a later date
  • Service awards to class representatives: Up to $2,500 each
  • Medical data monitoring: Cost determined by number of claims filed
  • Payments to approved claimants: Remaining settlement funds

Important dates

  • Opt-out deadline: Dec. 30, 2025
  • Deadline to file a claim: Jan. 14, 2026
  • Final fairness hearing: Jan. 29, 2026

When is the Deloitte RIBridges data breach settlement payout date?

The settlement administrator will issue payments and medical data monitoring codes to class members with valid claims approximately 75 days after the court grants final approval of the settlement.

Why is there a class action settlement?

This class action lawsuit alleged a data breach occurred on or about Dec. 5, 2024, when cybercriminals unlawfully accessed information stored on the Rhode Island RIBridges system. Deloitte is a consulting firm that operated and maintained the RIBridges online system. The compromised data included sensitive personal information, such as names, addresses, dates of birth, Social Security numbers, banking information, telephone numbers and health information.

Deloitte Consulting LLP denies the allegations but agreed to settle to avoid the expense and uncertainty of further litigation and a possible trial.

Sources

  1. Settlement website FAQ page
  2. Class notice
  3. Settlement claim form
Settlement Open for Claims
Award:
Up to $5,000
Deadline:
January 14, 2026
SUBMIT CLAIM