Hackers behind a cyberattack targeting Rhode Island's public benefits system were able to obtain sensitive data, including Social Security numbers and certain banking information, from hundreds of thousands of people, and have threatened to release him as soon as this week if they are not paid a ransom, Rhode Island Governor Dan McKee said in a press conference on Saturday night. The Rhode Island government opened a toll-free hotline on Sunday (833-918-6603) to provide information about non-compliance and how residents can protect themselves, but you won't be able to know for sure if your data was stolen by calling. People who may have been affected will be notified by mail.
The attack targeted the RIBridges system, maintained by Deloitte, which is used to apply for Medicaid, the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), HealthSource RI health care coverage and other public benefits available to Rhode Islanders. A press release from McKee's office notes that “anyone who has received or applied for medical coverage and/or health and human services programs or benefits could be affected by this leak.”
It is believed that the hackers were able to obtain information including names, addresses, dates of birth, Social Security numbers and “certain banking information.” Deloitte first detected the breach and notified state officials on December 5, and determined on the 11th that there was “a high probability that the folders involved contain personally identifiable data from RIBridges.” It confirmed the presence of malicious code on December 13 and subsequently shut down the system, before officials announced the attack to the public later that day.
The system is now offline while Deloitte works to secure it, meaning anyone who needs to apply for one of the affected programs will have to do so by mail, and people who are currently enrolled will not be able to access the online portal. or application. The state said it has not detected any identity theft or fraud related to the attack so far, but will offer free credit monitoring to anyone affected by the breach.
