RIBridges $6.3M Data Breach Class Action Settlement
RIBridges $6.3M Data Breach Class Action Settlement
Published
December 1, 2025 6:53 PM
Updated
December 1, 2025

Individuals residing in the United States who received a notice from the State of Rhode Island indicating their private information may have been impacted in a data breach, may be eligible to submit a claim for up to $5,000 and medical monitoring from a class action settlement. The cybersecurity incident affected 735, 501 individuals.

Deloitte Consulting LLP has agreed to pay $6.3 million to settle a class action lawsuit related to a data breach involving the Rhode Island RIBridges system. The class action claims that, on or about Dec. 5, 2024, cybercriminals unlawfully accessed personal information stored on the RIBridges system, including names, addresses, Social Security numbers, banking details, and health information.

Who is eligible for a RIBridges data breach payout?

Class members must meet the following criteria:

  • They are a living individual, residing in the United States.
  • They received a notice from the State of Rhode Island stating their private information may have been impacted by the Deloitte data breach.

How much will the settlement payment be?

Class members have the following benefit options:

  • Cash payment A – Documented losses: Class members can submit a claim for up to $5,000 in documented out-of-pocket losses traceable to the data breach. Documentation may include receipts, email correspondence, invoices for credit monitoring and identity protection and other third-party documents showing fraud or identity theft.
  • Cash payment B – Alternate cash: Class members that do not submit a documented losses claim can submit a claim for an estimated $100 cash payment. Final payment amount will be determined by the number of claims filed.
  • Medical data monitoring: All class members may elect to receive two years of CyEx’s medical data monitoring, which includes real-time one-bureau credit file monitoring, dark web scanning, security freezing assistance, victim assistance, up to $1,000,000 in identity theft insurance with no deductible and access to fraud resolution agents.

How to claim a data breach class action rebate

Individuals must submit a claim form to receive a settlement payment. Class members can file a claim online or download and print the PDF claim form to mail to the settlement administrator.

Claims must be submitted online or postmarked by Jan. 14, 2026.

Settlement administrator's mailing address: Pannozzi v. Deloitte Consulting LLP c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324

Required proof and claim information

  • Class Member ID from official settlement notice required to submit a claim online or by mail.
  • Documented losses claims require supporting documentation, which may include receipts, bills, or other third-party records showing expenses or losses related to the data breach.

Payout options

Class members can choose from the following payment options:

  • Electronic payment, only available for online claims
  • Paper check mailed to the address provided

$6.3 million data RIBridges settlement fund

The $6,300,000 settlement fund includes:

  • Settlement administration costs: Estimated at $500,000
  • Attorneys' fees: Up to $2,100,000
  • Attorneys' costs: To be presented to the court for approval at a later date
  • Service awards to class representatives: Up to $2,500 each
  • Medical data monitoring: Cost determined by number of claims filed.
  • Payments to approved claimants: Remaining settlement funds

Important dates

  • Deadline to file a claim: Jan. 14, 2026
  • Opt-out deadline: Dec. 30, 2025
  • Final fairness hearing: Jan. 29, 2026

When is the Deloitte RIBridges data breach settlement payout date?

Payments and medical data monitoring codes will be issued to class members with valid claims approximately 75 days after the court grants final approval of the settlement.

Why is there a class action settlement?

This class action lawsuit was filed after a data breach occurred on or about Dec. 5, 2024, when cybercriminals unlawfully accessed information stored on the Rhode Island RIBridges system. Deloitte is a consulting firm that operated and maintained the RIBridges online system. The compromised data included sensitive personal information such as names, addresses, dates of birth, Social Security numbers, banking information, telephone numbers, and health information.

Deloitte Consulting LLP denies the allegations, but agreed to settle to avoid the expense and uncertainty of further litigation and a possible trial.

Sources

  1. Settlement website FAQ page
  2. Class notice
  3. Settlement claim form
Settlement Open for Claims
Award:
$100 - $5,000
Deadline:
January 14, 2026
SUBMIT CLAIM