It’s been over a month since Alexandra DeMasi’s banking information was compromised in the RIBridges cybersecurity attack.
But still, “it doesn’t feel great,” DeMasi told The Herald.
Based in North Jamestown, DeMasi and several others in her close circle were among the approximately 650,000 Rhode Islanders — or over half of the state— potentially impacted by the RIBridges data breach at the end of last year.
On Dec. 13, Gov. Dan McKee’s office announced that RIBridges, the state’s online public benefits system, had been hit by a massive cyberattack.
The breach may impact Rhode Islanders enrolled in public benefit programs like Medicaid and the Supplemental Nutrition Assistance Program, wrote Karen Greco, spokesperson for the Rhode Island Department of Administration, in an email to The Herald. Current and former clients of HealthSource RI, the state’s health insurance marketplace, may have also been impacted.
The state has since initiated a “phased relaunch of the customer portal” and hopes to fully restore all services “in the coming weeks,” Greco said.
International cybercriminal group Brain Cipher was identified as the group behind the breach. The group uploaded a number of files to the dark web, McKee said in a Dec. 30 announcement.
Greco did not comment on the current status of the compromised data.
In 2024, over 144,000 Rhode Islanders received benefits from SNAP, a federal program providing food assistance to low-income households.
Lihna Agostini, director of community outreach at the Rhode Island Community Food Bank, works with a team to help eligible Rhode Islanders enroll in SNAP.
The breach, by potentially impacting those enrolled in public assistance programs, raises concerns for the most vulnerable populations in the state “who rely on these benefits for a number of reasons,” Agostini wrote in an email to The Herald.
DeMasi noted that people who struggle with financial literacy were left more vulnerable in the aftermath of the breach and expressed frustration at the state’s lack of guidance and assistance.
“Any (actions) I took were because I already had a base level of financial literacy,” DeMasi said. “I didn’t get this information from the state.”
Agostini shared similar sentiments and added that “many people came together to look out for those who were affected.” She also praised the R.I. Department of Health Services for getting “ahead of the situation quite quickly.”
The day following his announcement of the breach, McKee held a press conference advising Rhode Islanders on how to protect their confidential information. Greco added that call centers and a dedicated web page have been set up in the breach’s aftermath.
RIBridges operator Deloitte has since been hit with three class action lawsuits, the Rhode Island Current reported.
After identifying a potential breach on Dec. 5, Deloitte notified state officials, who began working with the company to assess the threat. Deloitte “immediately implemented additional security measures and started to assess the threat,” according to a Department of Administration web page. “It was important, for security reasons, to keep this knowledge internal until we could secure the RIBridges system,” the web page continues.
On Dec. 10, Deloitte confirmed that RIBridges had been breached. The state told Deloitte to shut the platform down on Dec. 13.
“The state has robust policies and contractual requirements of its vendors regarding cybersecurity,” Greco wrote. Deloitte did not respond to a request for comment.
“Cyberattacks these days can be quite sophisticated,” said Nikos Triandopoulos MSc’02 PhD’07, a visiting associate professor of computer science. “These attacks are generally hard to prevent or contain, sometimes even to detect.”
The best cybersecurity systems practice an equal balance of prevention and detection, Triandopoulos said. “There will always be something that the attacks can exploit,” he added. “Let’s learn how to deal with them.”
“Breaches are kind of a fact of life,” said DeMasi, who has since set up additional security measures on her accounts.
“As the nation continues to see more cyberattacks, the state will remain vigilant in understanding potential threats and taking steps to put mitigations in place,” Greco added.
Megan is a metro editor covering health and environment. Born and raised in Hong Kong, she spends her free time drinking coffee and wishing she was Meg Ryan in a Nora Ephron movie.
