Ransomware group begins leaking data stolen in Rhode Island RIBridges cyberattack

The Brain Cipher ransomware gang has begun leaking sensitive data stolen during its attack on RIBridges, Rhode Island’s health coverage, human services, and benefits programs website. The data, revealed on the group’s dark website last week, appears to include personally identifiable information (PII) of up to 650,000 individuals, including Social Security numbers, addresses, and even details about minors.

The ransomware attack, which began on December 5, 2024, was confirmed by the state’s vendor, Deloitte, five days after the attackers provided screenshots of internal systems. Deloitte acknowledged that the hackers had accessed and potentially stolen sensitive data. The ransomware gang has since started leaking portions of the stolen files, likely to pressure Rhode Island and Deloitte into paying a ransom.

Cybersecurity researcher Connor Goodwolf, who examined the leaked files, revealed that they contain large volumes of data, including folders with tens of gibibytes of information. Goodwolf shared screenshots of the leaked materials on X (formerly Twitter), highlighting the severity of the breach and noting that data pertaining to both adults and minors had been exposed.

The Brain Cipher group also issued a statement accompanying the leak, implying that payment would have resolved the issue: “It seems that it was easier to pay and fix everything.”

Rhode Island Governor Daniel McKee confirmed publicly that the leaked data had been published on the dark web. “Deloitte informed us that the cybercriminal released some RIBridges files on the dark web. While IT teams are working diligently to analyze the files, the most important thing Rhode Islanders can do is protect their personal information now,” McKee said.

State officials have urged affected residents to take immediate steps to protect themselves. These include utilizing the state’s free credit monitoring services, freezing credit reports, and remaining vigilant against phishing scams targeting compromised email addresses.