PROVIDENCE, RI - In a press conference today, Governor Dan McKee and Chief Digital Officer Brian Tardiff provided an overview of the third-party analysis of the RIBridges data breach. The analysis of the Deloitte-operated system was conducted by the cybersecurity firm CrowdStrike and revealed the following timeline:

• In July 2024, a threat actor gained entry to the RIBridges system through unauthorized use of Deloitte credentials.
• Between July and November 2024, the actor accessed 28 systems in the RIBridges environment.
• Between November 11 and 28, 2024, the actor exfiltrated numerous files from the system. 
• After November 28, the actor was no longer present in the system.

Since the breach was identified in December, the State and Deloitte have taken appropriate security measures to ensure the safety of the system and to safeguard RIBridges from similar attacks.

As part of its in-depth analysis, CrowdStrike was able to identify conclusively the number of impacted individuals—644,401. That total includes 107,757 names that were recently uncovered through CrowdStrike’s forensic analysis. Some of the recently identified individuals were neither RIBridges customers nor applicants for benefits but were included in files shared with federal agencies for verification purposes.

Notifications to these newly identified individuals should be arriving in mailboxes after Memorial Day. Deloitte has again hired Experian to staff a call center to support those whose data may have been breached. Those who receive a confirming letter dated May 22, 2025, can go online or call the toll-free hotline, 1-833-918-6603, to activate multiple years of free credit monitoring.

The call center is open Monday through Friday (except for holidays) from 9 a.m. to 9 p.m. EDT. Special weekend hours will also be available from 11 a.m. to 8 p.m. on May 31-June 1 and June 7-8.?

Since December, when the State first became aware of the data breach, the McKee Administration has repeatedly advised the public to take steps to safeguard their personal information, regardless of whether they had any connection with the RIBridges data system. The public is advised to visit the cyberalert.ri.gov website for information on how to monitor and freeze your credit and request a fraud alert. It also advises the public to use multifactor authentication and beware of unsolicited emails, calls or texts requesting personal information.

The State is in the process of pursuing options to modernize the current RIBridges system managed by Deloitte, with the goal of transitioning to a new system.