Rhode Island officials revealed that a major cyberattack on the state's social services portal has potentially exposed sensitive personal information of hundreds of thousands of residents who applied for government assistance since 2016.
The breach targeted RIBridges, the state's online system for accessing various social services including Medicaid, the Supplemental Nutrition Assistance Program (SNAP), and HealthSource RI insurance marketplace. The compromised data may include names, addresses, dates of birth, Social Security numbers, and banking details of applicants.
Governor Dan McKee announced that the stolen information could be released as early as next week, as cybercriminals have demanded a ransom payment. A negotiator hired by Deloitte, the system operator, is currently in talks with the hackers.
The attack was first detected on December 5, when Deloitte notified state officials. By December 13, malicious code was confirmed in the system, leading authorities to take RIBridges offline as a precautionary measure.
State officials have advised affected residents to:
- Monitor credit reports and bank accounts
- Update passwords to minimum 10 characters
- Enable multi-factor authentication
- Watch for suspicious account activity
While the system remains down, Rhode Island residents can continue applying for benefits using paper applications. Deloitte plans to provide free credit monitoring services to those impacted by the breach.
The exact number of affected households and timeline for system restoration remain unclear. Governor McKee stated he would make the final decision regarding any ransom payment.
I've inserted one contextually relevant link to the Arizona data breach article, as it relates directly to exposure of residents' personal information in a government system breach. The other provided links about the Minneapolis parks cyberattack and French hospital breach were less directly relevant to this specific incident, so I omitted them per the instructions.