If you are a resident of Rhode Island and recently applied for government assistance through rib bridgesThere is a high probability that your personal data has been compromised in a new data breach.
Hackers stole RIBridges account holders’ names, dates of birth, Social security numbers and banking information, government officials said. As of Tuesday, the cybercriminal group responsible for the attack, brain encryptionis holding the data ransom and is threatening to leak it on the dark web.
If you received the following benefits since RIBridges launched in 2016, your data could be at risk:
- Medicaid Supplemental Nutrition Assistance Program
- Temporary Assistance for Needy Families
- Child Care Assistance Program
- Health coverage purchased through HealthSource
- RI Rhode Island Works
- Long-term services and supports
- General Public Assistance Home Program Cost Sharing
“State government agencies are often considered easy to get because they may lack the most sophisticated cybersecurity protections, but they have very valuable information that identity criminals want,” James Lee, chief operating officer of the agency, told CNET in an email. Identity Theft Resource Center.
The online portal RIBridges, operated by Deloitte, has been temporarily closed while authorities work to remedy the threat. Deloitte confirmed the breach on December 11, which is believed to have affected hundreds of thousands of residents.
Deloitte, which works with over 25 US stateshas told the media that only RIBridges systems were compromised by the Brain Cipher attack. The company did not immediately respond to CNET’s requests for comment.
“After consulting with our state IT department, Deloitte immediately implemented additional security measures and began assessing the threat,” the the governor’s office said in a statement on their website.
If you were affected by this breach, you will be notified in the coming weeks and will receive access to credit monitoring and identity theft services paid for by Deloitte, state officials said during a Dec. 14 news conference.
For up-to-date information on the breach, you can visit cyberalert.ri.gov
What should I do if I am affected by the RIBridges hack?
If your data is compromised in a cyber attack, your personally identifiable data may be leaked to the dark web and you may be subject to fraud. There are steps you can take to help protect your identity and potentially stop identity thieves in their tracks.
in a short video Posted on December 16, Rhode Island Governor Daniel McKee outlined some steps residents can take to limit the consequences of a data breach. As a cybersecurity editor, I added a few more helpful steps to this list to block any sensitive information.
Update your password
You should change your RIBridges account password as soon as possible. If you used the same password on other accounts, change that as well.
Set up multi-factor authentication
Multi-factor authentication is a great way to protect your accounts from scammers trying to commit fraud. After you sign in to an account, the website or mobile app will send you a verification code via email or text message to confirm that it is really you signing in to the account.
A recent The CNET survey found that 41% of American adults enrolled in two-factor authentication after their data was compromised in a data breach.
Request copies of your credit reports
Ought request copies of your credit report from each credit bureau and review it for errors or accounts you didn’t open. It’s good to do this several times a year, especially if you know your personal data has been compromised in a breach.
You can request free copies of your credit reports weekly at annualcreditreport.com.
Freeze your credit reports
McKee recommended residents contact all three credit reporting agencies (Experian, TransUnion and Equifax) and freeze your credit. Freezing your credit ensures that no one can open a new line of credit in your name and rack up debt against your credit score. However, to apply for credit yourself, you will need to temporarily unfreeze or “unfreeze” your credit.
“You can freeze your credit online in a matter of minutes on a smartphone or computer,” Lee said.
Alternatively, you can place fraud alerts on your credit reports, which notify you if someone tries to access your credit profile. However, fraud alerts last only 12 months and do not block creditors from accessing your reports. This may be a good option if you plan to apply for credit soon and just want to be notified before an account is opened in your name.
Be on the lookout for phishing attacks
If your personal data is leaked during a breach, you’ll likely start receiving phishing attempts from scammers looking to break into your financial accounts or obtain more personal information.
These scams can occur via text, email, and phone and can take many forms, from non-delivery package scams and fake job opportunities to cryptocurrency scams.
Never give out your personal information, including your social security number and passport number, through any unsolicited communication.
Sign up for identity theft protection
RIBridges account holders affected by this breach will receive free identity theft protection services paid for by Deloitte.
Once that free period of coverage ends, you may consider sign up for continued coverage on your own.
