Hackers spent five months undetected in Rhode Island’s public benefits system, RIBridges, according to a new report released.
The cybersecurity company CrowdStrike, that worked the forensic analysis of the breach, listed the timespan of the breach as beginning in early July 2024, and the state of the knowledge of the intrusion in early December 2024.
During the initial intrusion, virtually none of the information was stolen, and the “Brain Cipher” hackers gained access to the RIBridges network after compromising the login credentials of an employee at Deloitte, a contractor managing RIBridges system. How these credentials were obtained is not known at this time.
Once inside, the attackers had free rein to act undetected by Deloitte until they reached out to the IT vendor in December and warned them they’d release personal data they had stolen, according to the source.
Over the period of November 11 to November 28,2024, apts of rude of data were extracted from RIBridges system, as per CrowdStrike report. Deloitte communicated with the state after the hackers reached out to the firm and on Dec. 4, Deloitte alerted state officials who took the RIBridges system offline on Dec. 13.
The breach has affected a large number of Rhode Island residents. Early numbers indicated that about 650,000 people were impacted.
However, the most recent discovery suggests that the personal information of 644,401 residents was in fact breached and subsequently uploaded to the dark web.
Among the exposed information includes full names, addresses, dates of birth, Social Security numbers, and bank account details.
Governor Dan McKee, speaking at a press conference on Thursday, said he was unsatisfied with the delayed discovery of the access, saying, “Well, obviously we’re not pleased by it, and we’re acting accordingly.
This is why the attorney general is investigating what the implications are there. I can say that in these circumstances that it won’t be detected for that length of time is something that I don’t think that’s acceptable.”
He also said that the state is “several months away” from soliciting proposals from other vendors to possibly replace Deloitte and the RIBridges system, which has had myriad problems since its inception in 2016.
Compounding the problem, the CrowdStrike analysis led to an updated list of victims. Roughly 115,000 individuals initially believed to be affected and sent letters of warning in December are now considered likely to be in the clear.
On the flipside, about 107,000 people whose records were not as widely believed to have been burgled can change that thought as well and will soon receive new letters of notification.
This population is comprised of those whose employment status was confirmed with the Department of Labor and Training, and a small number of individuals whose data comes from a child support data system administered by the Department of Children, Youth and Families.
The state has said that no ransom was accepted in the attack. Free credit monitoring is being made available to those affected.
McKee called on residents to stay vigilant and follow guidance on how to protect their financial information, such as placing a freeze on their credit, monitoring credit reports, implementing multi-factor authentication and being wary of unsolicited communications. The AG’s office is now considering taking action against Deloitte, for its part in the breach.
