(Updated) Take steps NOW if you are at risk from Rhode Island’s massive cybersecurity breach

UPDATES in RED

What you need to do – TODAY – to secure your identity, credit, and finances in the State of Rhode Island’s most recent – and one of the most serious cybersecurity breaches. Even if you have never applied or received benefits through one of the state’s systems, known collectively as RIBridges, some of these steps may be a good preventive plan for you.

Governor McKee and his top staff called press conferences to help get the word out about what has happened and what you need to do.

The numbers impacted in Rhode Island rose to an estimated 650,000.

While benefits such as SNAP and day care assistance have been paid for the month of December, we can only hope that state officials will have the system not skip a beat starting in January and payments will be made.

So – knowledge is your best weapon. Here is what we know:

Hundreds of thousands have the potential to be effected. Some are duplicates in more than one program.

Any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this breach. The programs and benefits managed through the RIBridges system include but are not limited to:  

• Medicaid    
• Supplemental Nutrition Assistance Program (SNAP)  
• Temporary Assistance for Needy Families (TANF)   
• Child Care Assistance Program (CCAP)
• Health coverage purchased through HealthSource RI   
• Rhode Island Works (RIW)
• Long-Term Services and Supports (LTSS)   
• General Public Assistance (GPA) Program
• At HOME Cost Share 

___

NEW – 12/30/24 – Data begins being dumped into the dark web

Deloitte has informed us that the cybercriminal released at least some RIBridges files to a site on the dark web. This is a scenario that the State has been preparing for, which is why earlier this month we launched a statewide outreach strategy to encourage potentially impacted Rhode Islanders to protect their personal information. Right now, IT teams are working diligently to analyze the released files. This is a complex process and we do not yet know the scope of the data that is included in those files, but as we’ve been saying for several weeks, we should assume that data contained in the RIBridges system has been compromised. While this data has been compromised, that does not mean it has been used for identity theft purposes—yet. That is why we urge Rhode Islanders to take these five simple steps to protect your financial information now.

1. Freeze Your Credit: Reach out to all three credit reporting agencies to freeze your credit. This is free and means no one else can take out a loan or establish credit in your name. You won’t lose access to your money or credit cards. You can lift the freeze at any time.NEW: If minors have received benefits or services from these programs, their guardians should also take steps to freeze and monitor the children’s credit.

2. Monitor Your Credit: Contact one of the three credit reporting agencies to order a free credit report. You can also access a free credit report through AnnualCreditReport.com. 

3. Request a Fraud Alert: Ask one of the credit reporting agencies to place a fraud alert on your files. This is free and lets creditors know to contact you before any new accounts can be opened in your name. Asking one agency to do this will cover this step for all three agencies.  

4. Use Multi-factor Authentication: This means instead of having just one password to access your information, you have a safety backup to help prove that it’s really you before you can log into your account.   

5. Be Aware: Because of the breach, you may receive fake emails, phone calls or texts that look legitimate. Remember, never share personal information – such as your social security number, date of birth or password – through an unsolicited e-mail, call or text.

The latest updates on the situation and information on how to reach credit reporting agencies are available online at cyberalert.ri.gov. You can also find information on how to protect minors.
The State is working with Deloitte to generate the list of impacted individuals. Once we have that information, we will send letters to those individuals with instructions on how to access free credit monitoring. We understand that this situation is concerning, and we appreciate Rhode Islanders’ patience as we continue to navigate this challenge together.

___

NEW: Gov. McKee held a press conference 1-10-25 to update people on the cybersecurity breach of their data and said that letters will be going out to individuals who may have been impacted – you can get 5 years credit monitoring, lifelong security identity watch.

___

NEW- HealthSourceRI offers new Flexibilities for plan selection

Note that many people have used the HealthSourceRI system to purchase private health insurance. This may be the biggest exposure.

Dec. 23, 2024: Today, Governor Dan McKee and HealthSource RI, the state’s marketplace for affordable health coverage, announced new flexibilities in place to help keep Rhode Islanders connected to coverage for 2025 while the RIBridges system, managed by Deloitte, is temporarily unavailable. 

Today HSRI is pleased to announce several flexible options to make sure its customers are covered from January 1st.

We have extended Open Enrollment through February 28, so Rhode Islanders will be able pick a plan of their choice through HSRI for an extra month this year, once enrollment through the RIBridges system becomes available. Any plan chosen can be made retroactive to January 1st.

We have arranged for customers with an urgent need for January 1st coverage to enroll directly for January and February coverage with HSRI’s longtime insurance carriers, Blue Cross & Blue Shield of Rhode Island and Neighborhood Health Plan of Rhode Island. 

Once the system becomes available to HSRI customers again, customers will receive information about how to apply for coverage for the remainder of the year through HSRI. This will ensure customers are connected with federal financial assistance in the form of advance premium tax credits for March and beyond.For more information on which customers may benefit from this stopgap option, details on how to enroll, plan options, and how to find assistance, visit healthsourceri.com/covered2025.

HSRI’s customer service team at 1-855-840-4774 will be able to assist customers with questions beginning Thursday, December 26 at 12 noon, as we will be closed Thursday morning to ensure all of our team have completed training on new special coverage rules. Extended customer service hours will also be announced shortly on healthsourceri.com/covered2025.

Aside from these new options for those not yet enrolled, here’s what certain groups of HSRI customers in various stages of the enrollment process should know and can do to keep their coverage: 

Coverage will be active for customers whose plan selections for 2025 were already made (through automatic renewal or by taking action to select a plan) and who have either already made a payment or set up auto-payment. They do not need to take any action.

Customers in 2024 plans who previously received notice that they were not automatically renewed but needed to take action to select a 2025 plan will be held in the same plans with the same insurance carriers they had been with in 2024. Once RIBridges is restored, they will have an opportunity to adjust their plan if better suited to changes in their income or other. Such changes may be allowed retroactively to January 1, if needed.

Customers who were automatically renewed but not enrolled in auto-payments or made a manual payment simply need to pay their premium. This guidance is the same for customers who selected a plan by Thursday, December 12 but had not yet paid. They can do so:in person by bringing their barcoded invoice to any CVS except those in Target locations. in person by depositing a check or money order in a 24/7 drop-box at the HealthSource RI East Providence walk-in center, 401 Wampanoag Trail. by phone through our call center at 1-855-840-4774.

___

CyberAlert.RI.Gov for further information and steps to take

RIBridges Data Breach Call Center Opens – HOURS EXTENDED RIBridges Data Breach Hotline has been extended to operate on weekends as well as weekdays. The hours are Monday through Friday, 9 a.m. to 9 p.m. and Saturday and Sunday, 11 a.m. to 8 p.m. Operated by Experian, the multilingual, toll-free hotline is 833-918-6603.

Call center staff will be able to provide general information about the breach as well as steps customers can take now to protect their data. Unfortunately, as the analysis of the data involved is still happening, call center staff will not be able to confirm whether a particular individual’s data is or is not included in the breach at this time.    Once the impacted individuals are identified, they will be mailed a letter with the information they need to secure free credit monitoring services.

___

Protecting Children’s Credit

Governor Dan McKee has outlined resources available to help parents and families who may be concerned about the security of their children’s credit in light of the recent RIBridges data breach.“ People need to act fast when it comes to protecting their personal information, and for some, that includes keeping an eye on their child’s credit,” said Governor Dan McKee. “Our State is committed to providing timely updates and resources so that Rhode Islanders and their families can take action to secure their credit and data.”

Step-by-step guidance is available through the three major credit reporting agencies:
Are My Children at Risk Of Identity Theft? (Equifax)Requesting a Minor’s Credit Report, Fraud Alert or Security Freeze (Experian)Child Identity Theft (TransUnion)

Most minors will not yet have a credit file, as minors can only take out loans or credit cards if their parents or their guardians cosign. The state cybersecurity advisor suggests that concerned guardians apply for free credit monitoring for their children based on their children’s social security numbers. The monitoring feature will alert a parent or guardian if an attempt to access their child’s credit is made.For more details and updates regarding the data breach, please visit cyberalert.ri.gov.

___

NEW: VIDEO MESSAGE ON MONDAY:

Gov. McKee just released video message for Rhode Islanders re: cyberattack breach:

Lists 5 steps to take:

1. Freeze Your Credit

• You should contact all three credit reporting agencies to do so.
• Equifax: 1-888-298-0045
• Experian: 1-888-397-3742
• TransUnion: 1-800-916-8800

2. Order a Free Credit Report

• You should request from one of the listed reporting agencies
• You can also access a free credit report online here. 

3. Place a Fraud Alert on Your Files

• You can ask one of the credit reporting agencies for help.
• This is free, and it lets creditors know to contact you before any new accounts can be opened in your name. 

4. Use Multi-factor Authentication

• Double protection makes it much harder for cybercriminals to access your information. 

5. Be Aware

• Never share personal information – such as your social security number, date of birth or password – through an unsolicited e-mail, call or text. Legitimate companies and banks do not know your password and will never ask for it.

___

INITIAL ANNOUNCEMENT

Background

On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system. In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible. Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges. 

Information for Customers  

We understand this is an alarming situation for our customers. Current customers will not be able to log into their account through the portal or the mobile app while the system is offline. Updates will be made available at https://admin.ri.gov/ribridges-alert 

Rhode Islanders seeking to apply for benefits can still submit a paper application.

Details about the Threat  

On December 5, the State was informed by its vendor, Deloitte, that the RIBridges data system was the target of a potential cyberattack. At that time, it was unclear if any sensitive information was breached. At that time, appropriate federal law enforcement and agencies were notified, as well as the Rhode Island State Police. 

After consultation with our state IT department, Deloitte immediately implemented additional security measures and started to assess the threat. It was important, for security reasons, to keep this knowledge internal until we could secure the RIBridges system. At the same time, our team began an investigation into what data may have been compromised, and how a possible attack was able to occur.  

On December 10, the State received confirmation from Deloitte that there had been a breach of the RIBridges system based on a screenshot of file folders sent by the hacker to Deloitte. On December 11, Deloitte confirmed that there is a high probability that the implicated folders contain personal identifiable data from RIBridges. On December 13, Deloitte confirmed there was malicious code present in the system, and the State directed Deloitte to shut RIBridges down to remediate the threat. State police and federal law enforcement are involved in an advisory capacity and no further leads have been provided.

While the analysis of the breach is still underway, unfortunately, Deloitte has indicated that the information involved may include names, addresses, dates of birth and Social Security numbers, as well as certain banking information, but is still assessing the situation.   

Households that may have had personal information compromised will receive a letter by mail from the State that explains how to access free credit monitoring.

However, there are steps you can take now if you know you applied for, or receive any of the above programs: Freeze your credit, place a fraud alert through major credit bureaus, change passwords, ask your bank what you can do, etc.

A dedicated call center for impacted customers will be available Sunday, December 15 from 11 a.m. to 8 p.m. After Sunday, the call center will be open Mondays through Fridays from 9 a.m. to 9 p.m. EDT. The State will update its website with the call center number on Sunday morning. 

Attorney General Peter Neronha followed this announcement with his own information on what people can do:

In response to the news of a major cyberattack on the Rhode Island State government, Attorney General Peter F. Neronha wants Rhode Islanders to have the information they need to protect themselves following a data breach. Data breaches can lead to identity theft, which is a serious crime that occurs when someone accesses your personal protected information such as your Social Security number, credit or bank account information or other identifying information without your permission. 

For information about this specific incident, visit RIBridges Alert | RI Department of Administration.

What to know here:

As required by law, affected consumers will receive notice within 30 days of discovery of the breach and the ability to provide the following information to affected consumers:

• A general and brief description of the incident, including how the security breach occurred and the number of affected individuals;
• The type of information that was subject to the breach;
• The date of breach, estimated date of breach, or the date range within which the breach occurred; and
• The date that the breach was discovered.

If you are (or think you may be) a victim of identity theft, generally:

• Contact the fraud department of any one of the three major credit bureaus (listed below) and place a fraud alert on your credit file. A fraud alert requests that creditors contact you before opening new accounts or making any changes to your existing accounts. The alert will last for 90 days.
• Close the accounts that you know or believe have been tampered with or opened fraudulently.
• File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
• File a complaint with the Federal Trade Commission at (877) 382-4357.
• Keep records of all phone calls, reports filed, correspondence, etc., and follow up phone conversations with certified letters to confirm your communication.
• Check your bank and credit card statements regularly and report any unauthorized charges, no matter how small, to your bank or financial institution.
• Check your credit report once a year to monitor any changes.

How to protect yourself from being a victim of identity theft, generally:

• Check your bank and credit card statements regularly and report any unauthorized charges, no matter how small, to your bank or financial institution.
• Check your credit report once a year to monitor any changes.
• Don’t carry your social security card in your wallet.
• Shred all credit card offers, bank and credit card statements, household bills, and all other mail or paperwork that includes personal identifying information before you toss it in the trash.
• Get a copy of your credit report. Under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.annualcreditreport.com or by calling (877) 322-8228.

You may contact the nationwide credit reporting agencies at:

• Equifax, (800) 525-6285, www.equifax.com
• Experian, (888) 397-3742, www.experian.com
• TransUnion, (800) 680-7289, www.transunion.com

___

SATURDAY NEWS CONFERENCE:

Here is the full video of Gov. McKee’s news conference Saturday night where he says people need to take action TONIGHT to protect themselves. About 6 minutes in, a national cyberecurity threat expert addresses the state:

2-step authentication:

You can set up a code to a phone (don’t use email) to further secure your accounts, where 2-step is offered.

User Name & Password: Longer passwords are important:

Use Password manager apps on your phone:

Go on: Secure Our World to see other steps to take: https://www.cisa.gov/secure-our-world – there are videos on how to make secure passwords and other steps to take.

NOTE: If you freeze your EBT card, you will not be able to use it – until you go back into the site and Unfreeze your EBT card.

We suggest getting a notebook and writing down steps you take so you can reconstruct them if you need to in the future.

This is a developing story