The app for independent voices
Hackers who broke into the State of Rhode Island's benefits systems and stole citizens' data in 2024 had persistence in the system for FIVE MONTHS before consulting giant (and WEF corporate partner) Deloitte, which had the contract to run the system, was able to detect the breach.
The ONLY reason why one of the biggest providers of cybersecurity (and other technology-related) consulting services on the planet, with annual revenue of $67 billion, was able to detect the breach is because the threat actor ‘showed their hand’ and demanded ransom payment!
In a press conference today, Governor Dan McKee and Chief Digital Officer Brian Tardiff provided an overview of the third-party analysis of the RIBridges data breach. The analysis of the Deloitte-operated system was conducted by the cybersecurity firm CrowdStrike and revealed the following timeline:
In July 2024, a threat actor gained entry to the RIBridges system through unauthorized use of Deloitte credentials.
Between July and November 2024, the actor accessed 28 systems in the RIBridges environment.
Between November 11 and 28, 2024, the actor exfiltrated numerous files from the system.
After November 28, the actor was no longer present in the system.
Since the breach was identified in December, the State and Deloitte have taken appropriate security measures to ensure the safety of the system and to safeguard RIBridges from similar attacks.
As part of its in-depth analysis, CrowdStrike was able to identify conclusively the number of impacted individuals—644,401. That total includes 107,757 names that were recently uncovered through CrowdStrike’s forensic analysis. Some of the recently identified individuals were neither RIBridges customers nor applicants for benefits but were included in files shared with federal agencies for verification purposes.
Notifications to these newly identified individuals should be arriving in mailboxes after Memorial Day.
Deloitte has again hired Experian to staff a call center to support those whose data may have been breached. Those who receive a confirming letter dated May 22, 2025 can go online or call the toll-free hotline, 1-833-918-6603, to activate multiple years of free credit monitoring.
