Strauss Borrelli PLLC, a leading data breach law firm, is investigating Deloitte and its client, RIBridges, regarding its recent data breach. The Deloitte data breach may have involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT DELOITTE:
Deloitte is a global professional services organization. Founded in 1845, Deloitte provides a variety of services to businesses, including tax services, consulting, audit and assurance, risk and financial advisory services, AI and analytics, and more.4 Today, Deloitte offers these services to a range of industries such as consumer, energy, resources and industrials, financial services, government and public services, life sciences and healthcare, technology, media and telecommunications.4 Deloitte’s US division is headquartered in New York, New York, and its network of member firms spans more than 150 countries and territories, and together employs over 450,000 individuals worldwide.5
WHAT HAPPENED?
On December 13, 2024, Rhode Island State was informed by its vendor, Deloitte, that there was a major security threat to RIBridges, the system that manages many of the State’s social services programs.1 Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information.1 As a result, Deloitte launched an investigation to determine the nature of the incident.
Through its investigation, Deloitte confirmed that any individual who has received or applied for state health coverage or health and human services programs or benefits in Rhode Island could have been impacted by this breach.1 The programs and benefits managed through the RIBridges system include but are not limited to:
- Medicaid
- Supplemental Nutrition Assistance Program (SNAP)
- Temporary Assistance for Needy Families (TANF)
- Child Care Assistance Program (CCAP)
- Health coverage purchased through HealthSource RI
- Rhode Island Works (RIW)
- Long-Term Services and Supports (LTSS)
- General Public Assistance (GPA) Program
- At HOME Cost Share
Additionally, while the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Address
- Date of birth
- Banking information
Recently, the State of Rhode Island Department of Administration posted a notice of the incident on its website. Additionally, the State plans to mail individual breach notification letters affected individuals. Based on the website breach notice, the State is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring. A link to the form breach notification that the State posted to its website is below.
If you received a breach notification letter from Deloitte or the State of Rhode Island:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS:
[1] https://admin.ri.gov/ribridges-alert
[2] https://www.infosecurity-magazine.com/news/deloitte-rhode-island-data-breach/
[3] https://www.linkedin.com/company/deloitte/about/
[4] https://www2.deloitte.com/us/en.html
[5] https://www2.deloitte.com/us/en/pages/about-deloitte/articles/about-deloitte.html
