The cyberattack on **RIBridges**, Rhode Island’s online public benefits system managed by Deloitte, compromised the personal data of approximately **650,000 Rhode Islanders**. The breach, executed by the cybercriminal group **Brain Cipher**, exposed sensitive information such as **names, bank accounts, and Social Security numbers**, some of which was later uploaded to the **dark web**. Affected individuals included users of public benefit programs like **Medicaid, SNAP (Supplemental Nutrition Assistance Program)**, and **HealthSource RI** (the state’s health insurance marketplace). The incident led to **multiple class-action lawsuits**, with plaintiffs alleging Deloitte’s failure to secure, encrypt, or adequately destroy personal data, resulting in financial losses for victims. Deloitte settled with the state for **$5 million** to cover breach-related expenses and is under ongoing civil investigation by the Rhode Island Attorney General. The breach severely damaged trust in the system, prompting the state to explore alternative vendors for modernization before Deloitte’s contract expires in **2026**.
TPRM report: https://www.rankiteo.com/company/deloitte
"id": "del3932939091625",
"linkid": "deloitte",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '650,000',
'industry': 'Public Sector',
'location': 'Rhode Island, USA',
'name': 'Rhode Island State Government (RIBridges)',
'type': 'Government Agency'},
{'industry': 'Consulting, Technology Services',
'name': 'Deloitte Consulting LLP',
'type': 'Vendor/Service Provider'}],
'data_breach': {'data_encryption': 'Allegedly inadequate (per lawsuit: '
"failure to 'properly secure, safeguard, "
"encrypt')",
'data_exfiltration': 'Yes (some data uploaded to the dark '
'web)',
'number_of_records_exposed': '650,000',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'bank account '
'details'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers, bank accounts)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data']},
'date_publicly_disclosed': '2023-12',
'description': 'The cybercriminal group Brain Cipher illegally accessed the '
'personal information of approximately 650,000 Rhode Islanders '
"via the state's RIBridges online public benefits system. The "
'breach occurred between July and November of the previous '
'year, exposing data such as names, bank accounts, and Social '
'Security numbers. Some of the breached data was uploaded to '
'the dark web. Deloitte, the vendor managing the platform, '
'agreed to settle multiple class-action lawsuits and paid the '
'state $5 million to cover breach-related expenses. The state '
'is exploring alternative vendors to modernize the system.',
'impact': {'brand_reputation_impact': 'Significant (lawsuits, civil '
'investigation, vendor replacement '
'considerations)',
'customer_complaints': 'Multiple class-action lawsuits filed',
'data_compromised': ['names',
'bank accounts',
'Social Security numbers'],
'identity_theft_risk': 'High (personal data exposed on dark web)',
'legal_liabilities': ['$5 million paid to the state by Deloitte',
'Class-action lawsuits (Pannozzi v. Deloitte '
'Consulting LLP)',
'Civil investigation by Rhode Island '
'Attorney General'],
'payment_information_risk': 'High (bank accounts compromised)',
'systems_affected': ["RIBridges (Rhode Island's online public "
'benefits system)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (some breached data '
'uploaded to the dark web)',
'high_value_targets': ['RIBridges database (public '
'benefits system)']},
'investigation_status': 'Ongoing (civil investigation by RI Attorney General, '
'class-action settlements pending court approval)',
'post_incident_analysis': {'corrective_actions': ['Settlement agreements for '
'affected individuals',
'Vendor contract '
'termination (expires June '
'2026) and exploration of '
'alternatives',
'$5 million payment to '
'state for breach-related '
'expenses'],
'root_causes': ['Failure to secure, safeguard, or '
'encrypt personal data (alleged in '
'lawsuit)',
'Vendor (Deloitte) oversight or '
'system vulnerabilities']},
'references': [{'source': 'The Herald'},
{'date_accessed': '2024-08-25',
'source': 'Court documents (Pannozzi v. Deloitte Consulting '
'LLP)'},
{'date_accessed': '2024-02',
'source': 'Press statement by Gov. Dan McKee'}],
'regulatory_compliance': {'legal_actions': ['Class-action lawsuits (Pannozzi '
'v. Deloitte Consulting LLP)',
'Civil investigation by Rhode '
'Island Attorney General']},
'response': {'recovery_measures': ['Exploring alternative vendors (e.g., '
'Northland Highland Holding Company) to '
'modernize RIBridges system'],
'remediation_measures': ['$5 million payment to the state for '
'breach-related expenses',
'Settlement of class-action lawsuits '
'(details pending court approval)']},
'threat_actor': 'Brain Cipher',
'title': 'Cyberattack on RIBridges by Brain Cipher Affecting 650,000 Rhode '
'Islanders',
'type': ['data breach', 'cyberattack']}