Rhode Island: Security Breach alert; info on protecting personal info

via the Rhode Island Dept. of Administration:

RIBridges Alert

On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to RIBridges, the system that manages many of the state’s social services programs. Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information.

This is the State of Rhode Island’s dedicated webpage for all the latest information on the breach. We understand this is an alarming situation, and we appreciate your patience as we investigate this matter. We will continue to navigate this challenge together. 

Update 12/16/24: 5 Steps to Protect Your Personal Information Today 

Governor McKee issued a public service announcement to encourage potentially impacted Rhode Islanders to take 5 steps to protect their personal information today. (see video above)

Update 12/15/24: RIBridges Data Breach Hotline Now Available  

• Phone number: 833-918-6603
• Hours: Open Mondays through Fridays from 9 a.m. to 9 p.m.  
• Reference number: The reference number for the Rhode Island incident is B137035. You may be asked for it when you call. 
• What they can help with: Call center staff will be able to provide general information about the breach as well as steps customers can take now to protect their personal information.  
• Can they tell me if I’m impacted?: Unfortunately, while the analysis of the data involved is still happening, call center staff will not be able to confirm if your data is included in the breach at this time.   
• Households that have had personal information compromised will receive a letter by mail from the State that explains how to access free credit monitoring.

12/14/24: Governor Urges Customers to Protect Personal Information 

Governor McKee was joined by a federal cybersecurity expert to share what potentially impacted Rhode Islanders should do now to protect their personal information.  

Steps include credit monitoring, credit freezes and two-factor authentication for financial accounts. See below for five steps you can right now to protect your personal information. 

Update 12/13/24: RIBridges Alert 

On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system. In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible. Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges.  

Details about the Data Breach   

To the best of our knowledge, any individual who has received or applied for state health coverage or health and human services programs or benefits could be impacted by this breach. The programs and benefits managed through the RIBridges system include but are not limited to:    

• Medicaid     
• Supplemental Nutrition Assistance Program (SNAP)     
• Temporary Assistance for Needy Families (TANF)     
• Child Care Assistance Program (CCAP)     
• Health coverage purchased through HealthSource RI    
• Rhode Island Works (RIW)     
• Long-Term Services and Supports (LTSS)     
• General Public Assistance (GPA) Program 
• At HOME Cost Share 

While the analysis of the breach is still underway, unfortunately, Deloitte has indicated that the information involved may include names, addresses, dates of birth and Social Security numbers, as well as certain banking information, but is still assessing the situation. 

What You Can Do 

Households that have had personal information compromised will receive a letter by mail from the State that explains how to access free credit monitoring.  

In response to the RIBridges data breach, Deloitte has contracted with Experian to run a call center which is open Mondays through Fridays from 9 a.m. to 9 p.m. 

Call center staff will be able to provide general information about the breach as well as steps customers can take now to protect their data. Unfortunately, as the analysis of the data involved is still happening, call center staff will not be able to confirm whether a particular individual’s data is or is not included in the breach at this time.  

We are currently unaware of any identity theft or fraud related to this data breach. However, we advise customers to remain vigilant and monitor their accounts for any unauthorized activity. This includes:  

#1: Freeze Your Credit  
Reach out to all three credit reporting agencies to freeze your credit. This is free and means no one else can take out a loan or establish credit in your name. You won’t lose access to your money or credit cards. You can lift the freeze at any time. 

#2: Monitor Your Credit 
Contact one of the three credit reporting agencies to order a free credit report. You can also access a free credit report through AnnualCreditReport.com. 

#3: Request a Fraud Alert  
Ask one of the credit reporting agencies to place a fraud alert on your files. This is free and lets creditors know to contact you before any new accounts can be opened in your name. Asking one agency to do this will cover this step for all three agencies. 

#4 Use Multifactor Authentication  
This means instead of having just one password to access your information, you have a safety backup to help prove that it’s really you before you can log into your account.  

#5 Be Aware   
Because of the breach, you may receive fake emails, phone calls or texts that look legitimate. Remember, never share personal information – such as your social security number, date of birth or password – through an unsolicited e-mail, call or text.