Illustration depicting the breach of cybersecurity within the RIBridges system.
Rhode Island Governor Dan McKee has condemned Deloitte for their failure to detect a long-lasting cyberattack that infiltrated the RIBridges system, affecting the personal data of over 644,000 individuals. The breach, which lasted four months, was only acknowledged after a ransomware group assumed responsibility. Deloitte had been alerted to suspicious activity multiple times but did not act effectively. The state is now considering legal actions against Deloitte while Deloitte has pledged $5 million for damage control, including credit monitoring for affected individuals.
Rhode Island Governor Dan McKee has publicly criticized Deloitte for failing to detect a prolonged cyberattack that compromised the RIBridges system, responsible for managing vital state infrastructure. The attack, which went unnoticed for four months, resulted in the theft of extensive personal information from over 644,000 individuals.
The RIBridges system’s breach began as early as July 2, 2024, when unauthorized cyber actors gained access using compromising credentials. Investigators from CrowdStrike, hired to look into the incident, confirmed the hackers exfiltrated gigabytes of sensitive data between November 11 and November 28, 2024. Alarmingly, the intrusion was only acknowledged by Deloitte after the ransomware group Brain Cipher claimed responsibility on December 4, 2024.
The cyberattack has raised serious concerns, particularly given that Deloitte had received multiple alerts from a firewall management portal regarding suspicious activity across 15 systems but failed to take effective action. The breach compromised personal data, including names, addresses, dates of birth, Social Security numbers, and banking information of 644,401 individuals. The initial breach notifications, sent to a total of 657,000 individuals in January, mistakenly included 114,879 people whose information was later confirmed to be secure. Additionally, another 107,757 individuals were found to have been affected by the breach but were not initially notified.
As a direct response to the breach, Deloitte informed the state about potential suspicious activity on December 5, 2024. Consequently, the RIBridges system was temporarily taken offline on December 13, 2024, disrupting new enrollments for health services and putting a halt to several critical state functions.
According to CrowdStrike, the investigation initiated on December 16, 2024, highlighted that attackers were able to access 28 out of 338 systems within the RIBridges environment. The attackers employed remote monitoring tools to maintain persistent access, compromising the security measures that Deloitte claimed were in place, including multifactor authentication (MFA). However, the effectiveness of these measures could not be verified due to insufficient log retention.
In light of these developments, Governor McKee has described the situation as unacceptable and announced that the state is exploring legal options against Deloitte for their oversight in the duration and management of this cyber incident. While Deloitte has agreed to cover $5 million to help mitigate the impact of the breach, including costs for credit monitoring services for affected individuals, the crisis highlights broader trends in cybersecurity failures. A recent study revealed that 43% of organizations become aware of breaches not through their own internal systems but through external sources.
In the wake of the breach and following thorough recovery efforts, the state has commenced a phased relaunch of the RIBridges customer portal. This reintegration follows exhaustive testing to ensure the security of the system. Additionally, state officials are engaging in discussions about potential modernization of the RIBridges infrastructure managed by Deloitte, with plans to consider transitioning to an entirely new system moving forward.
Conclusion: The ongoing investigation and the public fallout from this breach have put Deloitte’s cybersecurity measures under scrutiny and raised critical issues about the management of state infrastructure. The implications of this cyberattack extend beyond individual data privacy concerns, touching upon the integrity of state systems essential for delivering services to the public.
News Summary In response to the Washington Bridge closure, Rhode Island has unveiled a $2.6…
News Summary Rhode Island's RIBridges system suffered a cyberattack affecting 644,401 individuals, prompting state officials…
News Summary A cyberattack on Rhode Island's benefits system has compromised the personal data of…
News Summary The Rhode Island House has passed legislation allowing public utilities to purchase nuclear…
News Summary Rhode Island has reached an $11 million settlement with Barletta Heavy Division Inc.…
News Summary A shocking shooting incident outside the Capital Jewish Museum in Washington D.C. claimed…