Image: © IDOL'foto/Stock.adobe.com
Potentially hundreds of thousands of people have been affected, with threat actors gaining access to a wide range of sensitive information.
Professional services firm Deloitte has informed the US state of Rhode Island that the RIBridges social services platform has suffered a serious breach, potentially placing hundreds of thousands of people at risk of having their private information exposed. The system has since been taken offline in order to address the threat.
After initially raising concerns that a breach had occurred, it was later confirmed (13 December) that malicious code had been discovered within the RIBridges system and that threat actors may have access to sensitive data such as names, addresses, dates of birth, social security numbers and banking information.
RIBridges is an online portal for public services that enables people to access a number of important programmes, for example medicaid, child care assistance and health insurance and has since been taken down, with users encouraged to be vigilant and monitor their accounts for any unusual activity.
Brian Tardiff, the state’s chief digital officer, has said that those who have taken responsibility for the breach have issued an undisclosed ransom demand, threatening to make public the stolen information if they don’t receive payment.
In a statement issued by governor Dan McKee, he said, “the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system. In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible.
“Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges.”
There has been a string of high-profile cyber attacks in recent months, with US wireless network operator T-Mobile reporting a significant breach. Additionally, Blue Yonder, an Arizona-based Panasonic subsidiary, which supplies supply-chain software to several grocery stores in the UK and US including Tesco, Starbucks and Sainsbury’s, also suffered a serious attack in November.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
