The personal and banking details, including Social Security numbers, of hundreds of thousands of Rhode Island residents may have been hacked in a ransomware attack by international cybercriminals, state officials said on Saturday.
State officials continued stating that the hackers engaged in extortion by threatening to release the stolen information unless a specific ransom amount was paid.
“Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges,” the governor’s office said in a statement.
The governor’s office added that hackers accessed RIBridges, the state’s social services online portal, earlier this month. However, Deloitte, their vendor, only confirmed the breach on Friday.
“Addressing the cybersecurity breach of the RI Bridges system is a top priority for my Administration. We’re working with law enforcement and IT experts. We’ll continue to keep Rhode Islanders updated,” Governor Dan McKee said in a post on X.
The security breach impacted users of state government assistance programmes, including:
- Medicaid
- Supplemental Nutrition Assistance Program (SNAP)
- Temporary Assistance for Needy Families (TANF)
- Child Care Assistance Program (CCAP)
- Health coverage via HealthSource RI
- Rhode Island Works (RIW)
- Long-Term Services and Supports (LTSS)
- General Public Assistance (GPA) Program.
The breach potentially affects anyone who has applied for or received benefits through these programmes since 2016.
The state instructed Deloitte to temporarily shut down RIBridges to address the security threat. During this period, new benefit applications must be submitted on paper until system restoration.
The state plans to send letters to affected households, informing them of the situation and providing guidance on protecting their data and bank account.